CVE-2011-4363

critical

Description

ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

References

https://rt.cpan.org/Public/Bug/Display.html?id=72862

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363

http://www.securityfocus.com/bid/50868

http://www.osvdb.org/77428

http://www.openwall.com/lists/oss-security/2011/11/30/3

http://www.openwall.com/lists/oss-security/2011/11/30/2

http://secunia.com/advisories/47015

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500

Details

Source: Mitre, NVD

Published: 2012-10-07

Updated: 2012-10-08

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

Detections

Analytics