Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 2.1 product line. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 161054

Summary: CVE-2005-0448 perl File::Path.pm rmtree race condition
Product: Red Hat Enterprise Linux 2.1 Reporter: Mark J. Cox <mjc>
Component: perlAssignee: Marcela Mašláňová <mmaslano>
Status: CLOSED WONTFIX QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: medium    
Version: 2.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050309,source=cve,reported=20050314
Fixed In Version: 5.6.1-38.EL2_1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-28 14:10:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2005-06-20 09:36:28 UTC
+++ This bug was initially created as a clone of Bug #157694 +++

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4
allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CAN-2004-0452.

http://marc.theaimsgroup.com/?l=bugtraq&m=111039131424834&w=2

Comment 1 Jason Vas Dias 2006-04-22 01:23:40 UTC
fixed with perl-5.6.1-38.EL2_1 

Comment 2 Robin Norwood 2006-10-01 23:32:46 UTC
assigning to rnorwood

Comment 3 Mark J. Cox 2007-07-20 11:45:40 UTC
We've not shipped perl-5.6.1-38.EL2_1 therefore leaving open until we do.

Comment 4 Tomas Hoger 2009-08-28 14:10:07 UTC
EL2.1 reached end of life.