CPANSA-Clipboard-2014-5509: Clipboard vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2018-01-08T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2018-01-08T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	5.5	Severity	Medium
Original language		Language	en
Also referred to

Vulnerability Description

clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.

Vulnerabilities

CVE-2014-5509

Vulnerability Description

clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.

Weakness	CWE-59 : Improper Link Resolution Before File Access ('Link Following')

Product status

Known affected

Product

Score

Clipboard less than 0.16

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.0	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	5.5	Medium
2.0	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.6	Low

Fixed

Clipboard greater than or equal 0.16

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Clipboard-2014-5509 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2018/cpansa-clipboard-2014-5509.json
https://rt.cpan.org/Public/Bug/Display.html?id=98435 external
https://rt.cpan.org/Public/Bug/Display.html?id=98435
https://bugzilla.redhat.com/show_bug.cgi?id=1135624 external
https://bugzilla.redhat.com/show_bug.cgi?id=1135624
http://www.securityfocus.com/bid/69473 external
http://www.securityfocus.com/bid/69473
http://www.openwall.com/lists/oss-security/2014/08/30/2 external
http://www.openwall.com/lists/oss-security/2014/08/30/2
CVE-2014-5509 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2014-5509

Revision history

Version	Date of the revision	Summary of the revision
1	Mon Jan 8 00:00:00 2018	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/