DSA-1678 perl -- design flawsID: oval:org.mitre.oval:def:7799 | Date: (C)2009-12-15 (M)2021-09-30 |
Class: PATCH | Family: unix |
Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.