https://bugzilla.redhat.com/show_bug.cgi?id=1457832

Bug ID: 1457832
Summary: CVE-2017-6512 perl-File-Path: rmtree/remove_tree race condition
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@xxxxxxxxxx
Reporter: anemec@xxxxxxxxxx
CC: hhorak@xxxxxxxxxx, jorton@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, perl-maint-list@xxxxxxxxxx, ppisar@xxxxxxxxxx

A vulnerability was found in perl File-Path. In the rmtree() and remove_tree() functions, the chmod() logic that makes directories traversable can be abused to set the mode of an attacker-chosen file to an attacker-chosen value. The cause is a time-of-check-to-time-of-use (TOCTTOU) race condition between the stat() that decides the inode is a directory and the chmod() that then tries to make it user-rwx.

Upstream issue: https://rt.cpan.org/Public/Bug/Display.html?id=121951
Upstream patch: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
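The race described above made concrete, as an added Perl example (illustrative code, not File::Path's implementation and not the upstream patch): a stat-then-chmod "make traversable" helper with its window exposed through a callback, beside a hardened variant that opens the directory with O_DIRECTORY|O_NOFOLLOW and chmods the open handle. It assumes Linux and a perl whose chmod accepts filehandles (fchmod); the temp-dir scenario is constructed.

```perl
# Added example, not File::Path's code or the upstream patch: the TOCTTOU
# window in a stat-then-chmod "make traversable" step, and one way to close it.
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_DIRECTORY O_NOFOLLOW);
use File::Temp qw(tempdir);

# Racy pattern: decides on the path name, then acts on the path name.
# $between stands in for whatever happens in the window between the two
# system calls (here the scenario swaps the directory for a symlink).
sub make_traversable_racy {
    my ($path, $between) = @_;
    return 0 unless -d $path;      # check: stat(2), follows symlinks
    $between->();                  # the window
    return chmod 0700, $path;      # use: chmod(2), follows symlinks too
}

# Hardened pattern: open the inode with O_DIRECTORY|O_NOFOLLOW, which fails
# unless the name resolves to a real directory, then chmod the open handle
# (perl calls fchmod(2) on a filehandle). No name is left to swap afterwards.
sub make_traversable_safe {
    my ($path) = @_;
    sysopen(my $fh, $path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW) or return 0;
    my $ok = chmod 0700, $fh;
    close $fh;
    return $ok;
}

sub mode_of { (stat $_[0])[2] & 07777 }

# Constructed scenario in a temp dir: "work" is the directory being removed,
# "victim" is an unrelated 0600 file that must not end up 0700.
my $base = tempdir(CLEANUP => 1);
open my $v, '>', "$base/victim" or die $!; close $v;
chmod 0600, "$base/victim";
mkdir "$base/work" or die $!;

my $swap = sub {   # simulates losing the race: dir replaced by a symlink
    rmdir "$base/work";
    symlink "$base/victim", "$base/work";
};
make_traversable_racy("$base/work", $swap);
printf "racy: victim mode %04o (chmod followed the swapped-in link)\n",
    mode_of("$base/victim");

chmod 0600, "$base/victim";        # reset; the symlink stays in place
my $ok = make_traversable_safe("$base/work");
printf "safe: returned %d, victim mode %04o\n", $ok, mode_of("$base/victim");
```

The racy run reports the victim at 0700 and the safe run returns 0 with the victim still at 0600, because O_NOFOLLOW rejects the symlink before any chmod happens.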