CVE-2017-6512
Description
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.895
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Practical Extraction and Report Language (USN-3625-1) perl_5.26.0-8ubuntu1.1_amd64.deb | Linux |
| perl security update(DSA-3873-1) perl_5.20.2-3+deb8u7_i386.deb | Linux |
| perl security update(DSA-3873-1) perl_5.20.2-3+deb8u7_kfreebsd-i386.deb | Linux |
| perl security update(DSA-3873-1) perl_5.20.2-3+deb8u7_kfreebsd-amd64.deb | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-32bit-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-base-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-base-debuginfo-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-debuginfo-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-debuginfo-32bit-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-debugsource-5.18.2-12.3.1.x86_64.rpm | Linux |
| SUSE-SU-2017:3092-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-doc-5.18.2-12.3.1.noarch.rpm | Linux |
| SUSE-SU-2021:0449-1(SUSE Linux Enterprise Server 12-SP5 ) perl-File-Path-2.150000-8.3.1.noarch.rpm | Linux |
| SUSE-SU-2022:3271-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) perl-5.26.1-150300.17.11.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3271-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) perl-base-5.26.1-150300.17.11.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3271-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) perl-base-32bit-5.26.1-150300.17.11.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3271-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) perl-core-DB_File-5.26.1-150300.17.11.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234