Vulnerability Name:

CVE-2008-5302 (CCN-47043)

Assigned:2008-11-19
Published:2008-11-19
Updated:2018-10-11
Summary:Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827.
Note: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.4 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-362
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Debian Bug report logs - #286905
perl-modules: File::Path::rmtree makes setuid

Source: CONFIRM
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905

Source: CONFIRM
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36

Source: MITRE
Type: CNA
CVE-2008-5302

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:004

Source: CCN
Type: perldoc Web site
File::Path

Source: CCN
Type: RHSA-2010-0458
Moderate: perl security update

Source: SECUNIA
Type: UNKNOWN
32980

Source: SECUNIA
Type: UNKNOWN
33314

Source: SECUNIA
Type: UNKNOWN
40052

Source: CCN
Type: SA47305
F5 Enterprise Manager Multiple Vulnerabilities

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: CCN
Type: F5 Networks Web site
Release Note: Enterprise Manager version 2.3.0

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0011

Source: DEBIAN
Type: UNKNOWN
DSA-1678

Source: DEBIAN
Type: DSA-1678
perl -- design flaws

Source: CCN
Type: porters Mailing List, Nov 19, 2008, 7:25 AM
Re: File::Path regression in 5.8.9

Source: MISC
Type: Exploit
http://www.gossamer-threads.com/lists/perl/porters/233695#233695

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:116

Source: CCN
Type: oss-security Mailing List, Fri, 28 Nov 2008 16:29:10 +0100
Re: CVE Request - cups, dovecot-managesieve, perl, wireshark

Source: MLIST
Type: UNKNOWN
[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0458

Source: BUGTRAQ
Type: UNKNOWN
20090120 rPSA-2009-0011-1 perl

Source: CCN
Type: USN-700-1
Perl vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-700-1

Source: CCN
Type: USN-700-2
Perl regression

Source: UBUNTU
Type: UNKNOWN
USN-700-2

Source: CCN
Type: Larry Wall's Web page
Perl

Source: XF
Type: UNKNOWN
perl-filepath-symlink(47043)

Source: XF
Type: UNKNOWN
perl-filepath-symlink(47043)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11076

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6890

Source: SUSE
Type: SUSE-SR:2009:004
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:perl:perl:5.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:perl:perl:5.10.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:perl:file::path:1.08:*:*:*:*:*:*:*
  • OR cpe:/a:perl:file::path:2.07:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20085302
    V
    CVE-2008-5302
    2015-11-16
    oval:org.mitre.oval:def:21014
    P
    USN-700-1 -- libarchive-tar-perl, perl vulnerabilities
    2014-07-07
    oval:org.mitre.oval:def:13257
    P
    USN-700-2 -- perl regression
    2014-06-30
    oval:org.mitre.oval:def:18549
    P
    DSA-1678-1 perl - privilege escalation
    2014-06-23
    oval:org.mitre.oval:def:7799
    P
    DSA-1678 perl -- design flaws
    2014-06-23
    oval:org.mitre.oval:def:22753
    P
    ELSA-2010:0458: perl security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:22359
    P
    RHSA-2010:0458: perl security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:6890
    V
    VMware ESX,Service Console update for perl.
    2014-01-20
    oval:org.mitre.oval:def:11076
    V
    Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
    2013-04-29
    oval:com.redhat.rhsa:def:20100458
    P
    RHSA-2010:0458: perl security update (Moderate)
    2010-06-07
    oval:org.debian:def:1678
    V
    design flaws
    2008-12-03
    BACK
    perl perl 5.8.8
    perl perl 5.10.0
    perl file::path 1.08
    perl file::path 2.07