CVE-2012-2451

EUVD-2012-2437
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
shlomi_fishconfig-inifiles
𝑥
≤ 2.70
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libconfig-inifiles-perl
bookworm
3.000003-2
fixed
bullseye
3.000003-1
fixed
sid
3.000003-3
fixed
trixie
3.000003-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libconfig-inifiles-perl
hardy
ignored
lucid
Fixed 2.52-1ubuntu0.1
released
natty
Fixed 2.58-1ubuntu0.1
released
oneiric
Fixed 2.68-1ubuntu0.11.10.1
released
precise
Fixed 2.68-1ubuntu0.12.04.1
released
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
http://secunia.com/advisories/48990
http://www.openwall.com/lists/oss-security/2012/05/02/6
http://www.osvdb.org/81671
http://www.securityfocus.com/bid/53361
http://www.ubuntu.com/usn/USN-1543-1
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
https://bugzilla.redhat.com/show_bug.cgi?id=818386
https://exchange.xforce.ibmcloud.com/vulnerabilities/75328
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
http://secunia.com/advisories/48990
http://www.openwall.com/lists/oss-security/2012/05/02/6
http://www.osvdb.org/81671
http://www.securityfocus.com/bid/53361
http://www.ubuntu.com/usn/USN-1543-1
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
https://bugzilla.redhat.com/show_bug.cgi?id=818386
https://exchange.xforce.ibmcloud.com/vulnerabilities/75328