Vigil@nce: Perl, vulnerabilities of File::Path::rmtree
December 2008 by Vigil@nce
Two vulnerabilities of File::Path::rmtree() can be used by a local
attacker to create a suid file or to delete a file.
– Gravity: 2/4
– Consequences: data creation/edition, data deletion
– Provenance: user shell
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 03/12/2008
IMPACTED PRODUCTS
– Debian Linux
– Unix - plateform
DESCRIPTION
The Perl language can be extended with additional modules. The
rmtree() function of the File::Path module recursively deletes
directories. It contains two vulnerabilities.
During the deletion, a local attacker can create a symbolic link
inside the tree starting from a deleted suid file, in order to
force another file to become suid. [grav:2/4; 286905,
CVE-2008-5302]
During the deletion, a local attacker can create a symbolic link
inside the tree in order to force the deletion of a file outside
the tree. [grav:2/4; 286922, CVE-2008-5303]
CHARACTERISTICS
– Identifiers: 233695, 286905, 286922, CVE-2008-5302, CVE-2008-5303,
DSA-1678-1, VIGILANCE-VUL-8281
– Url: http://vigilance.fr/vulnerability/8281