Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
BID:39189
Info
Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
| Bugtraq ID: | 39189 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 05 2010 12:00AM |
| Updated: | Apr 05 2010 12:00AM |
| Credit: | Larry W. Cashdollar |
| Vulnerable: |
DeWitt Clinton Cache::Cache 1.06 |
| Not Vulnerable: | |
Discussion
Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
Cache::Cache is prone to multiple insecure file-permission vulnerabilities.
An attacker can exploit these issues to obtain sensitive information or corrupt sensitive files that may lead to denial-of-service conditions.
Cache::Cache 1.06 is vulnerable; other versions may also be affected.
Note: This module is no longer being maintained by its author.
Cache::Cache is prone to multiple insecure file-permission vulnerabilities.
An attacker can exploit these issues to obtain sensitive information or corrupt sensitive files that may lead to denial-of-service conditions.
Cache::Cache 1.06 is vulnerable; other versions may also be affected.
Note: This module is no longer being maintained by its author.
Exploit / POC
Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
Attackers can use readily available tools and standard commands to exploit these issues.
Attackers can use readily available tools and standard commands to exploit these issues.
Solution / Fix
Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Cache::Cache Perl Module '/tmp' Insecure File Permissions Vulnerabilities
References:
References:
- Cache::Cache Homepage (DeWitt Clinton)
- FileCache: tmp file permission vulnerability. (Vapid Labs)