Vigil@nce: Perl, changing rights via rmtree
June 2008 by Vigil@nce
A local attacker can use a symbolic link to force the rmtree
function of lib/File/Path.pm to change the permissions of a file.
– Gravity: 1/4
– Consequences: data reading, data creation/edition, data deletion
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 25/06/2008
– Identifier: VIGILANCE-VUL-7910
IMPACTED PRODUCTS
Unix - platform
DESCRIPTION
The Perl lib/File/Path.pm module provides file handling functions,
such as rmtree, which deletes a directory tree.
However, before deleting a symbolic link, the permissions of the
file it points to are changed to 0777 (the file itself is not
deleted if it is not in the tree).
An attacker can therefore wait for a root program to use this
function, in order to gain access to the file.
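The rule this description implies for any tree-removal code, as an added Perl example (not File::Path's code and not part of the advisory): lstat each entry and unlink symbolic links without touching permissions. The name safe_rmtree and the temporary paths are hypothetical, constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; safe_rmtree is a hypothetical helper, not File::Path.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Delete $path recursively without ever calling chmod on a symbolic link.
# Check-then-act on path names still leaves a race window; this shows
# only the lstat rule, not a complete race-free removal.
sub safe_rmtree {
    my ($path) = @_;
    lstat($path) or return 0;            # lstat describes the link itself
    # Regular files and symlinks: unlink only, never chmod.
    return unlink($path) ? 1 : 0 unless -d _;
    chmod 0700, $path;                   # real directory: make it traversable
    opendir(my $dh, $path) or return 0;
    my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
    closedir($dh);
    for my $entry (@entries) {
        safe_rmtree("$path/$entry") or return 0;
    }
    return rmdir($path) ? 1 : 0;
}

# Constructed test layout: a file outside the tree, and a tree that
# contains a symbolic link pointing at it.
my $base   = tempdir(CLEANUP => 1);
my $victim = "$base/victim";
open(my $fh, '>', $victim) or die "create: $!";
close($fh);
chmod 0600, $victim or die "chmod: $!";

my $tree = "$base/tree";
mkdir $tree or die "mkdir: $!";
symlink($victim, "$tree/link") or die "symlink: $!";
open($fh, '>', "$tree/file") or die "create: $!";
close($fh);

safe_rmtree($tree) or die "removal failed";

# The link target must still exist with its original mode.
my $mode = (stat($victim))[2] & 07777;
printf "tree removed: %s, victim mode: %04o\n",
    (-e $tree ? 'no' : 'yes'), $mode;
die "victim permissions changed" unless $mode == 0600;
```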
CHARACTERISTICS
– Identifiers: 487319, CVE-2008-2827, VIGILANCE-VUL-7910
– Url: https://vigilance.aql.fr/tree/1/7910