CPANSA-Config-IniFiles-2012-2451: Config-IniFiles vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2012-06-27T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2012-06-27T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
Vulnerabilities
CVE-2012-2451
Vulnerability DescriptionThe Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Config-IniFiles less than 2.71 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Config-IniFiles-2012-2451 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2012/cpansa-config-inifiles-2012-2451.json - http://www.openwall.com/lists/oss-security/2012/05/02/6 external
http://www.openwall.com/lists/oss-security/2012/05/02/6 - http://www.osvdb.org/81671 external
http://www.osvdb.org/81671 - http://secunia.com/advisories/48990 external
http://secunia.com/advisories/48990 - https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 external
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 - https://bugzilla.redhat.com/show_bug.cgi?id=818386 external
https://bugzilla.redhat.com/show_bug.cgi?id=818386 - http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html - http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html - http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html external
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html - http://www.securityfocus.com/bid/53361 external
http://www.securityfocus.com/bid/53361 - http://www.ubuntu.com/usn/USN-1543-1 external
http://www.ubuntu.com/usn/USN-1543-1 - https://exchange.xforce.ibmcloud.com/vulnerabilities/75328 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/75328 - CVE-2012-2451 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2012-2451
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Jun 27 00:00:00 2012 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/