Red Hat Bugzilla – Bug 140542
CVE-2004-0452 File::Path::rmtree() issue
Last modified: 2007-11-30 17:07:05 EST
Debian reported to vendor-sec earlier in the year a possible issue in
File::Path::rmtree. "It seems that in the process of recursing the
tree, File::Path::rmtree uses chmod to set various things to be world
writable. This would seem to open the usual race conditions in
situations where they would not otherwise exist, due to the directories
involved having sane permissions."
Possibly not public; checking with Debian.
Created attachment 107309 [details]
patch proposed from Chip
This bug has been fixed since RHEL-3-U5 with perl-5.8.0-89.10, in the
RHEL-3-embargo CVS branch. Chip's patches for this have now been applied
to the HEAD CVS branch, and this issue is also fixed in perl-5.8.0-90.2 .
Verified, fixed by http://rhn.redhat.com/errata/RHSA-2005-105.html