CPANSA-perl-1999-1386: perl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 1999-12-31T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 1999-12-31T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 5.5 | Severity | |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Vulnerabilities
CVE-1999-1386
Vulnerability DescriptionPerl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
| Weakness | CWE-59 : Improper Link Resolution Before File Access ('Link Following') |
|---|
Product status
Known affected
| Product | Score | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| perl less than 5.4.4 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-1999-1386 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/1999/cpansa-perl-1999-1386.json - http://www.redhat.com/support/errata/rh50-errata-general.html#perl external
http://www.redhat.com/support/errata/rh50-errata-general.html#perl - http://www.iss.net/security_center/static/7243.php external
http://www.iss.net/security_center/static/7243.php - http://marc.info/?l=bugtraq&m=88932165406213&w=2 external
http://marc.info/?l=bugtraq&m=88932165406213&w=2 - CVE-1999-1386 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-1999-1386
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Dec 31 00:00:00 1999 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/