1
Candidate: CVE-2011-4114
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4114
6
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl
7
creates temporary files in a directory with a predictable name without
8
verifying ownership and permissions of this directory, which allows local
9
users to overwrite files when another user extracts a PAR packed program.
10
NOTE: a similar vulnerability was reported for PAR, but this has been
11
assigned a different CVE identifier.
14
sbeattie> libpar-perl issued the fix for this issue annotated with
15
sbeattie> CVE-2011-4114; however, it subsequently got split out into a
16
sbeattie> separate cve, CVE-2011-5060.
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650706
23
Patches_libpar-packer-perl:
24
upstream_libpar-packer-perl: released (1.012)
25
hardy_libpar-packer-perl: ignored (reached end-of-life)
26
lucid_libpar-packer-perl: ignored (reached end-of-life)
27
maverick_libpar-packer-perl: ignored (reached end-of-life)
28
natty_libpar-packer-perl: ignored (reached end-of-life)
29
oneiric_libpar-packer-perl: ignored (reached end-of-life)
30
precise_libpar-packer-perl: not-affected (1.012-1)
31
quantal_libpar-packer-perl: not-affected (1.012-1)
32
raring_libpar-packer-perl: not-affected (1.012-1)
33
saucy_libpar-packer-perl: not-affected (1.012-1)
34
devel_libpar-packer-perl: not-affected (1.012-1)
37
upstream_libpar-perl: not-affected (see CVE-2011-5060)
38
hardy_libpar-perl: not-affected (see CVE-2011-5060)
39
lucid_libpar-perl: not-affected (see CVE-2011-5060)
40
maverick_libpar-perl: not-affected (see CVE-2011-5060)
41
natty_libpar-perl: not-affected (see CVE-2011-5060)
42
oneiric_libpar-perl: not-affected (see CVE-2011-5060)
43
precise_libpar-perl: not-affected (see CVE-2011-5060)
44
quantal_libpar-perl: not-affected (see CVE-2011-5060)
45
raring_libpar-perl: not-affected (see CVE-2011-5060)
46
saucy_libpar-perl: not-affected (see CVE-2011-5060)
47
devel_libpar-perl: not-affected (see CVE-2011-5060)