cpe:/a:perl:file%3a%3apath:1.08 cpe:/a:perl:file%3a%3apath:2.07 CVE-2008-5302 2008-12-01T12:30:01.453-05:00 2017-09-28T21:32:33.243-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-12-02T14:29:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20090120 rPSA-2009-0011-1 perl SECUNIA 32980 SECUNIA 33314 SECUNIA 40052 APPLE APPLE-SA-2010-03-29-1 DEBIAN DSA-1678 MANDRIVA MDVSA-2010:116 REDHAT RHSA-2010:0458 SUSE SUSE-SR:2009:004 UBUNTU USN-700-1 UBUNTU USN-700-2 MLIST [oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0011 MISC http://www.gossamer-threads.com/lists/perl/porters/233695#233695 XF perl-filepath-symlink(47043) Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.