Lucene search

RedhatCVE-2011-4114

HistoryJan 13, 2012 - 6:55 p.m.

CVE-2011-4114

2012-01-1318:55:03

CWE-264

redhat

web.nvd.nist.gov

cve-2011-4114

par::packer

perl

vulnerability

file overwrite

nvd

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.

Affected configurations

Nvd

Node

roderich_schupppar-packer_moduleRange≤1.011

roderich_schupppar-packer_moduleMatch0.63

roderich_schupppar-packer_moduleMatch0.64

roderich_schupppar-packer_moduleMatch0.65

roderich_schupppar-packer_moduleMatch0.66

roderich_schupppar-packer_moduleMatch0.67

roderich_schupppar-packer_moduleMatch0.68

roderich_schupppar-packer_moduleMatch0.69

roderich_schupppar-packer_moduleMatch0.70

roderich_schupppar-packer_moduleMatch0.71

roderich_schupppar-packer_moduleMatch0.72

roderich_schupppar-packer_moduleMatch0.73

roderich_schupppar-packer_moduleMatch0.74

roderich_schupppar-packer_moduleMatch0.75

roderich_schupppar-packer_moduleMatch0.76

roderich_schupppar-packer_moduleMatch0.77

roderich_schupppar-packer_moduleMatch0.78

roderich_schupppar-packer_moduleMatch0.79

roderich_schupppar-packer_moduleMatch0.80

roderich_schupppar-packer_moduleMatch0.81

roderich_schupppar-packer_moduleMatch0.82

roderich_schupppar-packer_moduleMatch0.83

roderich_schupppar-packer_moduleMatch0.85

roderich_schupppar-packer_moduleMatch0.86

roderich_schupppar-packer_moduleMatch0.87

roderich_schupppar-packer_moduleMatch0.88

roderich_schupppar-packer_moduleMatch0.89

roderich_schupppar-packer_moduleMatch0.90

roderich_schupppar-packer_moduleMatch0.91

roderich_schupppar-packer_moduleMatch0.92

roderich_schupppar-packer_moduleMatch0.93

roderich_schupppar-packer_moduleMatch0.94

roderich_schupppar-packer_moduleMatch0.941

roderich_schupppar-packer_moduleMatch0.942

roderich_schupppar-packer_moduleMatch0.951

roderich_schupppar-packer_moduleMatch0.952

roderich_schupppar-packer_moduleMatch0.953

roderich_schupppar-packer_moduleMatch0.954

roderich_schupppar-packer_moduleMatch0.955

roderich_schupppar-packer_moduleMatch0.956

roderich_schupppar-packer_moduleMatch0.957

roderich_schupppar-packer_moduleMatch0.958

roderich_schupppar-packer_moduleMatch0.959

roderich_schupppar-packer_moduleMatch0.960

roderich_schupppar-packer_moduleMatch0.970

roderich_schupppar-packer_moduleMatch0.973

roderich_schupppar-packer_moduleMatch0.975

roderich_schupppar-packer_moduleMatch0.976

roderich_schupppar-packer_moduleMatch0.977

roderich_schupppar-packer_moduleMatch0.978

roderich_schupppar-packer_moduleMatch0.979

roderich_schupppar-packer_moduleMatch0.980

roderich_schupppar-packer_moduleMatch0.981

roderich_schupppar-packer_moduleMatch0.982

roderich_schupppar-packer_moduleMatch0.991

roderich_schupppar-packer_moduleMatch0.992_01

roderich_schupppar-packer_moduleMatch0.992_02

roderich_schupppar-packer_moduleMatch0.992_03

roderich_schupppar-packer_moduleMatch0.992_04

roderich_schupppar-packer_moduleMatch0.992_05

roderich_schupppar-packer_moduleMatch0.992_06

roderich_schupppar-packer_moduleMatch1.000

roderich_schupppar-packer_moduleMatch1.001

roderich_schupppar-packer_moduleMatch1.002

roderich_schupppar-packer_moduleMatch1.003

roderich_schupppar-packer_moduleMatch1.004

roderich_schupppar-packer_moduleMatch1.005

roderich_schupppar-packer_moduleMatch1.006

roderich_schupppar-packer_moduleMatch1.007

roderich_schupppar-packer_moduleMatch1.008

roderich_schupppar-packer_moduleMatch1.009

roderich_schupppar-packer_moduleMatch1.010

VendorProductVersionCPE
roderich_schupppar-packer_module*cpe:2.3:a:roderich_schupp:par-packer_module:*:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.63cpe:2.3:a:roderich_schupp:par-packer_module:0.63:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.64cpe:2.3:a:roderich_schupp:par-packer_module:0.64:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.65cpe:2.3:a:roderich_schupp:par-packer_module:0.65:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.66cpe:2.3:a:roderich_schupp:par-packer_module:0.66:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.67cpe:2.3:a:roderich_schupp:par-packer_module:0.67:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.68cpe:2.3:a:roderich_schupp:par-packer_module:0.68:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.69cpe:2.3:a:roderich_schupp:par-packer_module:0.69:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.70cpe:2.3:a:roderich_schupp:par-packer_module:0.70:*:*:*:*:*:*:*
roderich_schupppar-packer_module0.71cpe:2.3:a:roderich_schupp:par-packer_module:0.71:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
roderich_schupp	par-packer_module	*	cpe:2.3:a:roderich_schupp:par-packer_module::::::::
roderich_schupp	par-packer_module	0.63	cpe:2.3:a:roderich_schupp:par-packer_module:0.63:::::::*
roderich_schupp	par-packer_module	0.64	cpe:2.3:a:roderich_schupp:par-packer_module:0.64:::::::*
roderich_schupp	par-packer_module	0.65	cpe:2.3:a:roderich_schupp:par-packer_module:0.65:::::::*
roderich_schupp	par-packer_module	0.66	cpe:2.3:a:roderich_schupp:par-packer_module:0.66:::::::*
roderich_schupp	par-packer_module	0.67	cpe:2.3:a:roderich_schupp:par-packer_module:0.67:::::::*
roderich_schupp	par-packer_module	0.68	cpe:2.3:a:roderich_schupp:par-packer_module:0.68:::::::*
roderich_schupp	par-packer_module	0.69	cpe:2.3:a:roderich_schupp:par-packer_module:0.69:::::::*
roderich_schupp	par-packer_module	0.70	cpe:2.3:a:roderich_schupp:par-packer_module:0.70:::::::*
roderich_schupp	par-packer_module	0.71	cpe:2.3:a:roderich_schupp:par-packer_module:0.71:::::::*