140542 – CVE-2004-0452 File::Path::rmtree() issue

Bug 140542 - CVE-2004-0452 File::Path::rmtree() issue

Summary: CVE-2004-0452 File::Path::rmtree() issue

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	perl
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jason Vas Dias
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-23 15:54 UTC by Mark J. Cox
Modified:	2007-11-30 22:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:	5.8.0-89.10
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-11-08 18:21:58 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch proposed from Chip (1.38 KB, patch) 2004-11-23 16:22 UTC, Mark J. Cox	no flags	Details \| Diff
View All

Description Mark J. Cox 2004-11-23 15:54:03 UTC

Debian reported to vendor-sec earlier in the year a possible issue in
File::Path::rmtree.  "It seems that in the process of recursing the
tree, File::Path::rmtree uses chmod to set various things to be world
writable.  This would seem to open the usual race conditions in 
situations where they would not otherwise exist, due to the directories
involved having sane permissions."

Possibly not public; checking with Debian.

Comment 1 Mark J. Cox 2004-11-23 16:22:06 UTC

Created attachment 107309 [details]
patch proposed from Chip

Comment 6 Jason Vas Dias 2005-11-08 18:21:58 UTC

This bug has been fixed since RHEL-3-U5 with perl-5.8.0-89.10, in the 
RHEL-3-embargo CVS branch. Chip's patches for this have now been applied
to the HEAD CVS branch, and this issue is also fixed in perl-5.8.0-90.2 .

Comment 7 Mark J. Cox 2005-11-09 09:51:16 UTC

Verified, fixed by http://rhn.redhat.com/errata/RHSA-2005-105.html

Note You need to log in before you can comment on or make changes to this bug.