FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-File-Path -- rmtree allows creation of setuid files

Affected packages
p5-File-Path < 2.07_1

Details

VuXML ID 13b0c8c8-bee0-11dd-a708-001fc66e7203
Discovery 2008-11-28
Entry 2009-01-03

Jan Lieskovsky reports:

perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to address this)

This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix.

References

CVE Name CVE-2005-0448
Message http://www.gossamer-threads.com/lists/perl/porters/233699#233699
Message http://www.openwall.com/lists/oss-security/2008/11/28/1
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905