CVE-2012-2451

NONECVSS 0.0

0.0

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

🔗 References (22)

cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
cve@mitrehttp://secunia.com/advisories/48990
cve@mitrehttp://www.openwall.com/lists/oss-security/2012/05/02/6
cve@mitrehttp://www.osvdb.org/81671
cve@mitrehttp://www.securityfocus.com/bid/53361
cve@mitrehttp://www.ubuntu.com/usn/USN-1543-1
cve@mitrehttps://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=818386
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/75328
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48990

Is Your Infrastructure Affected by CVE-2012-2451?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-2451

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-2451?