Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability

BID:12767

Info

Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability

Bugtraq ID: 12767
Class: Race Condition Error
CVE: CVE-2005-0448
CVE-2008-5302
CVE-2008-5303
Remote: No
Local: Yes
Published: Mar 09 2005 12:00AM
Updated: Jul 06 2016 02:27PM
Credit: Discovery is credited to Paul Szabo.
Vulnerable: Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
rPath rPath Linux 2
rPath rPath Linux 1
rPath Appliance Platform Linux Service 2
rPath Appliance Platform Linux Service 1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Pardus Linux 2008 0
Pardus Linux 2007 0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 2010.0 x86_64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Larry Wall Perl 5.8.8
Larry Wall Perl 5.8.6
+ Gentoo Linux
Larry Wall Perl 5.8.5
+ Turbolinux Turbolinux Server 10.0
Larry Wall Perl 5.8.4 -5
Larry Wall Perl 5.8.4 -4
Larry Wall Perl 5.8.4 -3
Larry Wall Perl 5.8.4 -2.3
Larry Wall Perl 5.8.4 -2
Larry Wall Perl 5.8.4 -1
Larry Wall Perl 5.8.4
+ MandrakeSoft Corporate Server 3.0 x86_64
 + MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
Larry Wall Perl 5.8.3
+ Gentoo Linux
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Larry Wall Perl 5.8.1
Larry Wall Perl 5.8
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
Larry Wall Perl 5.6.1
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Larry Wall Perl 5.6
Larry Wall Perl 5.0 05_003
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2
+ Debian Linux 2.1 sparc
 + Debian Linux 2.1 alpha
 + Debian Linux 2.1 68k
 + Debian Linux 2.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 6.2 E sparc
 + RedHat Linux 6.2 E i386
 + RedHat Linux 6.2 E alpha
 + RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + RedHat Linux 6.2 alpha
 + RedHat Linux 6.1 sparc
 + RedHat Linux 6.1 i386
 + RedHat Linux 6.1 alpha
 + RedHat Linux 6.0 sparc
 + RedHat Linux 6.0 alpha
 + RedHat Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
+ Trustix Trustix Secure Linux 1.1
+ Turbolinux Turbolinux 6.0.4
+ Turbolinux Turbolinux 6.0.3
+ Turbolinux Turbolinux 6.0.2
+ Turbolinux Turbolinux 6.0.1
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux 4.4
+ Turbolinux Turbolinux 4.2
+ Turbolinux Turbolinux 4.0
Larry Wall Perl 5.0 05
Larry Wall Perl 5.0 04_05
+ RedHat Linux 5.2 sparc
 + RedHat Linux 5.2 i386
 + RedHat Linux 5.2 alpha
 + RedHat Linux 5.1
+ RedHat Linux 5.0
Larry Wall Perl 5.0 04_04
Larry Wall Perl 5.0 04
Larry Wall Perl 5.0 03
Larry Wall Perl 5.10
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
F5 Enterprise Manager 2.2
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Conectiva Linux 10.0
Avaya Predictive Dialing System (PDS) 12.0
Apple Mac OS X Server 10.5.8
Apple Mac OS X 10.5.8
Not Vulnerable: F5 Enterprise Manager 2.3

Discussion

Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability

Perl is reported prone to a local race-condition vulnerability. The issue resides in the 'rmtree()' function provided by the 'File::Path.pm' module.

A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

UPDATE (December 2, 2008): This issue has been reported in Perl 5.8.8 and 5.10.

Exploit / POC

Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability

Attackers may use common tools to exploit this issue.

Solution / Fix

Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.


Ubuntu Ubuntu Linux 7.10 powerpc

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu Ubuntu Linux 8.04 LTS sparc

Mandriva Linux Mandrake 2008.0 x86_64

Ubuntu Ubuntu Linux 8.04 LTS amd64

Mandriva Linux Mandrake 2008.0

Ubuntu Ubuntu Linux 7.10 sparc

Mandriva Linux Mandrake 2010.0

Debian Linux 4.0 amd64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Ubuntu Ubuntu Linux 8.10 sparc

Debian Linux 4.0 mipsel

Ubuntu Ubuntu Linux 8.10 amd64

Debian Linux 4.0 ia-64

Debian Linux 4.0 mips

Debian Linux 4.0 arm

Debian Linux 4.0 powerpc

Ubuntu Ubuntu Linux 8.10 i386

Debian Linux 4.0 m68k

HP HP-UX B.11.23

Ubuntu Ubuntu Linux 8.04 LTS lpia

Ubuntu Ubuntu Linux 7.10 lpia

Ubuntu Ubuntu Linux 7.10 i386

Ubuntu Ubuntu Linux 8.10 lpia

HP HP-UX B.11.11

Mandriva Linux Mandrake 2010.0 x86_64

Debian Linux 4.0 sparc

Debian Linux 4.0 s/390

Debian Linux 4.0 alpha

Ubuntu Ubuntu Linux 7.10 amd64

HP HP-UX B.11.00

Debian Linux 4.0

Ubuntu Ubuntu Linux 8.04 LTS i386

Apple Mac OS X Server 10.5.8

Larry Wall Perl 5.6.1

Larry Wall Perl 5.8

Larry Wall Perl 5.8.1

Larry Wall Perl 5.8.3

Larry Wall Perl 5.8.4

Larry Wall Perl 5.8.5

Larry Wall Perl 5.8.6

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report