Bug 140542

Summary: CVE-2004-0452 File::Path::rmtree() issue
Product: Red Hat Enterprise Linux 3 Reporter: Mark J. Cox <mjc>
Component: perlAssignee: Jason Vas Dias <jvdias>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: jnovy, security-response-team, shillman
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 5.8.0-89.10 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-11-08 18:21:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch proposed from Chip none

Description Mark J. Cox 2004-11-23 15:54:03 UTC 
Debian reported to vendor-sec earlier in the year a possible issue in
File::Path::rmtree.  "It seems that in the process of recursing the
tree, File::Path::rmtree uses chmod to set various things to be world
writable.  This would seem to open the usual race conditions in 
situations where they would not otherwise exist, due to the directories
involved having sane permissions."

Possibly not public; checking with Debian.
Comment 1 Mark J. Cox 2004-11-23 16:22:06 UTC 
Created attachment 107309 [details]
patch proposed from Chip
Comment 6 Jason Vas Dias 2005-11-08 18:21:58 UTC 
This bug has been fixed since RHEL-3-U5 with perl-5.8.0-89.10, in the 
RHEL-3-embargo CVS branch. Chip's patches for this have now been applied
to the HEAD CVS branch, and this issue is also fixed in perl-5.8.0-90.2 .
Comment 7 Mark J. Cox 2005-11-09 09:51:16 UTC 
Verified, fixed by http://rhn.redhat.com/errata/RHSA-2005-105.html