CVE-2017-6512

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

References

http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes

http://security.cucumberlinux.com/security/details.php?id=153

http://www.debian.org/security/2017/dsa-3873

http://www.securityfocus.com/bid/99180

http://www.securitytracker.com/id/1038610

https://rt.cpan.org/Ticket/Display.html?id=121951

https://security.gentoo.org/glsa/201709-12

https://usn.ubuntu.com/3625-1/

https://usn.ubuntu.com/3625-2/

Details

Source: MITRE

Published: 2017-06-01

Updated: 2020-04-29

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
153282EulerOS 2.0 SP2 : perl-File-Path (EulerOS-SA-2021-2422)NessusHuawei Local Security Checks
medium
149167EulerOS 2.0 SP3 : perl-File-Path (EulerOS-SA-2021-1829)NessusHuawei Local Security Checks
medium
141724EulerOS Virtualization 3.0.2.2 : perl-File-Path (EulerOS-SA-2020-2203)NessusHuawei Local Security Checks
high
140996EulerOS Virtualization for ARM 64 3.0.6.0 : perl-File-Path (EulerOS-SA-2020-2048)NessusHuawei Local Security Checks
medium
137969EulerOS Virtualization 3.0.6.0 : perl-File-Path (EulerOS-SA-2020-1750)NessusHuawei Local Security Checks
medium
134476EulerOS Virtualization for ARM 64 3.0.2.0 : perl-File-Path (EulerOS-SA-2020-1187)NessusHuawei Local Security Checks
medium
130644EulerOS 2.0 SP5 : perl-File-Path (EulerOS-SA-2019-2182)NessusHuawei Local Security Checks
medium
109086Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Perl vulnerabilities (USN-3625-1)NessusUbuntu Local Security Checks
critical
106092SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)NessusSuSE Local Security Checks
critical
104783SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2017:3092-1)NessusSuSE Local Security Checks
critical
104767openSUSE Security Update : perl (openSUSE-2017-1304)NessusSuSE Local Security Checks
critical
104475SUSE SLES11 Security Update : perl (SUSE-SU-2017:2951-1)NessusSuSE Local Security Checks
medium
103280GLSA-201709-12 : Perl: Race condition vulnerabilityNessusGentoo Local Security Checks
medium
101630Fedora 26 : perl-File-Path (2017-4e981a51e6)NessusFedora Local Security Checks
medium
100968Fedora 24 : perl-File-Path (2017-212f07c853)NessusFedora Local Security Checks
medium
100860Fedora 25 : perl-File-Path (2017-dd42592f9a)NessusFedora Local Security Checks
medium
100625Debian DSA-3873-1 : perl - security updateNessusDebian Local Security Checks
medium
100624Debian DLA-978-1 : perl security updateNessusDebian Local Security Checks
medium