CVE-2011-4114

The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program.  NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
roderich_schupppar-packer_module
𝑥
≤ 1.011
roderich_schupppar-packer_module
0.63
roderich_schupppar-packer_module
0.64
roderich_schupppar-packer_module
0.65
roderich_schupppar-packer_module
0.66
roderich_schupppar-packer_module
0.67
roderich_schupppar-packer_module
0.68
roderich_schupppar-packer_module
0.69
roderich_schupppar-packer_module
0.70
roderich_schupppar-packer_module
0.71
roderich_schupppar-packer_module
0.72
roderich_schupppar-packer_module
0.73
roderich_schupppar-packer_module
0.74
roderich_schupppar-packer_module
0.75
roderich_schupppar-packer_module
0.76
roderich_schupppar-packer_module
0.77
roderich_schupppar-packer_module
0.78
roderich_schupppar-packer_module
0.79
roderich_schupppar-packer_module
0.80
roderich_schupppar-packer_module
0.81
roderich_schupppar-packer_module
0.82
roderich_schupppar-packer_module
0.83
roderich_schupppar-packer_module
0.85
roderich_schupppar-packer_module
0.86
roderich_schupppar-packer_module
0.87
roderich_schupppar-packer_module
0.88
roderich_schupppar-packer_module
0.89
roderich_schupppar-packer_module
0.90
roderich_schupppar-packer_module
0.91
roderich_schupppar-packer_module
0.92
roderich_schupppar-packer_module
0.93
roderich_schupppar-packer_module
0.94
roderich_schupppar-packer_module
0.941
roderich_schupppar-packer_module
0.942
roderich_schupppar-packer_module
0.951
roderich_schupppar-packer_module
0.952
roderich_schupppar-packer_module
0.953
roderich_schupppar-packer_module
0.954
roderich_schupppar-packer_module
0.955
roderich_schupppar-packer_module
0.956
roderich_schupppar-packer_module
0.957
roderich_schupppar-packer_module
0.958
roderich_schupppar-packer_module
0.959
roderich_schupppar-packer_module
0.960
roderich_schupppar-packer_module
0.970
roderich_schupppar-packer_module
0.973
roderich_schupppar-packer_module
0.975
roderich_schupppar-packer_module
0.976
roderich_schupppar-packer_module
0.977
roderich_schupppar-packer_module
0.978
roderich_schupppar-packer_module
0.979
roderich_schupppar-packer_module
0.980
roderich_schupppar-packer_module
0.981
roderich_schupppar-packer_module
0.982
roderich_schupppar-packer_module
0.991
roderich_schupppar-packer_module
0.992_01:_01
roderich_schupppar-packer_module
0.992_02:_02
roderich_schupppar-packer_module
0.992_03:_03
roderich_schupppar-packer_module
0.992_04:_04
roderich_schupppar-packer_module
0.992_05:_05
roderich_schupppar-packer_module
0.992_06:_06
roderich_schupppar-packer_module
1.000
roderich_schupppar-packer_module
1.001
roderich_schupppar-packer_module
1.002
roderich_schupppar-packer_module
1.003
roderich_schupppar-packer_module
1.004
roderich_schupppar-packer_module
1.005
roderich_schupppar-packer_module
1.006
roderich_schupppar-packer_module
1.007
roderich_schupppar-packer_module
1.008
roderich_schupppar-packer_module
1.009
roderich_schupppar-packer_module
1.010
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libpar-packer-perl
bullseye
1.052-1
fixed
bookworm
1.057-1
fixed
sid
1.063-1
fixed
trixie
1.063-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libpar-packer-perl
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
libpar-perl
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://bugzilla.redhat.com/show_bug.cgi?id=753955
https://rt.cpan.org/Public/Bug/Display.html?id=69560
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://bugzilla.redhat.com/show_bug.cgi?id=753955
https://rt.cpan.org/Public/Bug/Display.html?id=69560