CVE-2011-5060

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
roderich_schupppar-packer_module
𝑥
≤ 1.002
roderich_schupppar-packer_module
0.63
roderich_schupppar-packer_module
0.64
roderich_schupppar-packer_module
0.65
roderich_schupppar-packer_module
0.66
roderich_schupppar-packer_module
0.67
roderich_schupppar-packer_module
0.68
roderich_schupppar-packer_module
0.69
roderich_schupppar-packer_module
0.70
roderich_schupppar-packer_module
0.71
roderich_schupppar-packer_module
0.72
roderich_schupppar-packer_module
0.73
roderich_schupppar-packer_module
0.74
roderich_schupppar-packer_module
0.75
roderich_schupppar-packer_module
0.76
roderich_schupppar-packer_module
0.77
roderich_schupppar-packer_module
0.78
roderich_schupppar-packer_module
0.79
roderich_schupppar-packer_module
0.80
roderich_schupppar-packer_module
0.81
roderich_schupppar-packer_module
0.82
roderich_schupppar-packer_module
0.83
roderich_schupppar-packer_module
0.85
roderich_schupppar-packer_module
0.86
roderich_schupppar-packer_module
0.87
roderich_schupppar-packer_module
0.88
roderich_schupppar-packer_module
0.89
roderich_schupppar-packer_module
0.90
roderich_schupppar-packer_module
0.91
roderich_schupppar-packer_module
0.92
roderich_schupppar-packer_module
0.93
roderich_schupppar-packer_module
0.94
roderich_schupppar-packer_module
0.941
roderich_schupppar-packer_module
0.942
roderich_schupppar-packer_module
0.951
roderich_schupppar-packer_module
0.952
roderich_schupppar-packer_module
0.953
roderich_schupppar-packer_module
0.954
roderich_schupppar-packer_module
0.955
roderich_schupppar-packer_module
0.956
roderich_schupppar-packer_module
0.957
roderich_schupppar-packer_module
0.958
roderich_schupppar-packer_module
0.959
roderich_schupppar-packer_module
0.960
roderich_schupppar-packer_module
0.970
roderich_schupppar-packer_module
0.973
roderich_schupppar-packer_module
0.975
roderich_schupppar-packer_module
0.976
roderich_schupppar-packer_module
0.977
roderich_schupppar-packer_module
0.978
roderich_schupppar-packer_module
0.979
roderich_schupppar-packer_module
0.980
roderich_schupppar-packer_module
0.981
roderich_schupppar-packer_module
0.982
roderich_schupppar-packer_module
0.991
roderich_schupppar-packer_module
0.992_01:_01
roderich_schupppar-packer_module
0.992_02:_02
roderich_schupppar-packer_module
0.992_03:_03
roderich_schupppar-packer_module
0.992_04:_04
roderich_schupppar-packer_module
0.992_05:_05
roderich_schupppar-packer_module
0.992_06:_06
roderich_schupppar-packer_module
1.000
roderich_schupppar-packer_module
1.001
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libpar-perl
bullseye
1.017-1
fixed
bookworm
1.018-2
fixed
sid
1.020-1
fixed
trixie
1.020-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libpar-perl
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=753955
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
https://rt.cpan.org/Public/Bug/Display.html?id=69560
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=753955
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
https://rt.cpan.org/Public/Bug/Display.html?id=69560