CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
86.9%
Jonathan Smith discovered that the Archive::Tar Perl module did not
correctly handle symlinks when extracting archives. If a user or
automated system were tricked into opening a specially crafted tar file,
a remote attacker could over-write arbitrary files. (CVE-2007-4829)
Tavis Ormandy and Will Drewry discovered that Perl did not correctly
handle certain utf8 characters in regular expressions. If a user or
automated system were tricked into using a specially crafted expression,
a remote attacker could crash the application, leading to a denial
of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927)
A race condition was discovered in the File::Path Perl module’s rmtree
function. If a local attacker successfully raced another user’s call
of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06
and 8.10 were not affected by this issue. (CVE-2008-5302)
A race condition was discovered in the File::Path Perl module’s rmtree
function. If a local attacker successfully raced another user’s call of
rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected
by this issue. (CVE-2008-5303)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | perl-modules | < 5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | libperl-dev | < 5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | libperl5.10 | < 5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | perl | < 5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | perl | < base-5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | perl | < debug-5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.10 | noarch | perl | < suid-5.10.0-11.1ubuntu2.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libarchive-tar-perl | < 1.36-1ubuntu0.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | perl-modules | < 5.8.8-12ubuntu0.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libperl-dev | < 5.8.8-12ubuntu0.3 | UNKNOWN |