The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Par-packer_module | Roderich_schupp | * | 1.011 (including) |
| Par-packer_module | Roderich_schupp | 0.63 (including) | 0.63 (including) |
| Par-packer_module | Roderich_schupp | 0.64 (including) | 0.64 (including) |
| Par-packer_module | Roderich_schupp | 0.65 (including) | 0.65 (including) |
| Par-packer_module | Roderich_schupp | 0.66 (including) | 0.66 (including) |
| Par-packer_module | Roderich_schupp | 0.67 (including) | 0.67 (including) |
| Par-packer_module | Roderich_schupp | 0.68 (including) | 0.68 (including) |
| Par-packer_module | Roderich_schupp | 0.69 (including) | 0.69 (including) |
| Par-packer_module | Roderich_schupp | 0.70 (including) | 0.70 (including) |
| Par-packer_module | Roderich_schupp | 0.71 (including) | 0.71 (including) |
| Par-packer_module | Roderich_schupp | 0.72 (including) | 0.72 (including) |
| Par-packer_module | Roderich_schupp | 0.73 (including) | 0.73 (including) |
| Par-packer_module | Roderich_schupp | 0.74 (including) | 0.74 (including) |
| Par-packer_module | Roderich_schupp | 0.75 (including) | 0.75 (including) |
| Par-packer_module | Roderich_schupp | 0.76 (including) | 0.76 (including) |
| Par-packer_module | Roderich_schupp | 0.77 (including) | 0.77 (including) |
| Par-packer_module | Roderich_schupp | 0.78 (including) | 0.78 (including) |
| Par-packer_module | Roderich_schupp | 0.79 (including) | 0.79 (including) |
| Par-packer_module | Roderich_schupp | 0.80 (including) | 0.80 (including) |
| Par-packer_module | Roderich_schupp | 0.81 (including) | 0.81 (including) |
| Par-packer_module | Roderich_schupp | 0.82 (including) | 0.82 (including) |
| Par-packer_module | Roderich_schupp | 0.83 (including) | 0.83 (including) |
| Par-packer_module | Roderich_schupp | 0.85 (including) | 0.85 (including) |
| Par-packer_module | Roderich_schupp | 0.86 (including) | 0.86 (including) |
| Par-packer_module | Roderich_schupp | 0.87 (including) | 0.87 (including) |
| Par-packer_module | Roderich_schupp | 0.88 (including) | 0.88 (including) |
| Par-packer_module | Roderich_schupp | 0.89 (including) | 0.89 (including) |
| Par-packer_module | Roderich_schupp | 0.90 (including) | 0.90 (including) |
| Par-packer_module | Roderich_schupp | 0.91 (including) | 0.91 (including) |
| Par-packer_module | Roderich_schupp | 0.92 (including) | 0.92 (including) |
| Par-packer_module | Roderich_schupp | 0.93 (including) | 0.93 (including) |
| Par-packer_module | Roderich_schupp | 0.94 (including) | 0.94 (including) |
| Par-packer_module | Roderich_schupp | 0.941 (including) | 0.941 (including) |
| Par-packer_module | Roderich_schupp | 0.942 (including) | 0.942 (including) |
| Par-packer_module | Roderich_schupp | 0.951 (including) | 0.951 (including) |
| Par-packer_module | Roderich_schupp | 0.952 (including) | 0.952 (including) |
| Par-packer_module | Roderich_schupp | 0.953 (including) | 0.953 (including) |
| Par-packer_module | Roderich_schupp | 0.954 (including) | 0.954 (including) |
| Par-packer_module | Roderich_schupp | 0.955 (including) | 0.955 (including) |
| Par-packer_module | Roderich_schupp | 0.956 (including) | 0.956 (including) |
| Par-packer_module | Roderich_schupp | 0.957 (including) | 0.957 (including) |
| Par-packer_module | Roderich_schupp | 0.958 (including) | 0.958 (including) |
| Par-packer_module | Roderich_schupp | 0.959 (including) | 0.959 (including) |
| Par-packer_module | Roderich_schupp | 0.960 (including) | 0.960 (including) |
| Par-packer_module | Roderich_schupp | 0.970 (including) | 0.970 (including) |
| Par-packer_module | Roderich_schupp | 0.973 (including) | 0.973 (including) |
| Par-packer_module | Roderich_schupp | 0.975 (including) | 0.975 (including) |
| Par-packer_module | Roderich_schupp | 0.976 (including) | 0.976 (including) |
| Par-packer_module | Roderich_schupp | 0.977 (including) | 0.977 (including) |
| Par-packer_module | Roderich_schupp | 0.978 (including) | 0.978 (including) |
| Par-packer_module | Roderich_schupp | 0.979 (including) | 0.979 (including) |
| Par-packer_module | Roderich_schupp | 0.980 (including) | 0.980 (including) |
| Par-packer_module | Roderich_schupp | 0.981 (including) | 0.981 (including) |
| Par-packer_module | Roderich_schupp | 0.982 (including) | 0.982 (including) |
| Par-packer_module | Roderich_schupp | 0.991 (including) | 0.991 (including) |
| Par-packer_module | Roderich_schupp | 0.992_01 (including) | 0.992_01 (including) |
| Par-packer_module | Roderich_schupp | 0.992_02 (including) | 0.992_02 (including) |
| Par-packer_module | Roderich_schupp | 0.992_03 (including) | 0.992_03 (including) |
| Par-packer_module | Roderich_schupp | 0.992_04 (including) | 0.992_04 (including) |
| Par-packer_module | Roderich_schupp | 0.992_05 (including) | 0.992_05 (including) |
| Par-packer_module | Roderich_schupp | 0.992_06 (including) | 0.992_06 (including) |
| Par-packer_module | Roderich_schupp | 1.000 (including) | 1.000 (including) |
| Par-packer_module | Roderich_schupp | 1.001 (including) | 1.001 (including) |
| Par-packer_module | Roderich_schupp | 1.002 (including) | 1.002 (including) |
| Par-packer_module | Roderich_schupp | 1.003 (including) | 1.003 (including) |
| Par-packer_module | Roderich_schupp | 1.004 (including) | 1.004 (including) |
| Par-packer_module | Roderich_schupp | 1.005 (including) | 1.005 (including) |
| Par-packer_module | Roderich_schupp | 1.006 (including) | 1.006 (including) |
| Par-packer_module | Roderich_schupp | 1.007 (including) | 1.007 (including) |
| Par-packer_module | Roderich_schupp | 1.008 (including) | 1.008 (including) |
| Par-packer_module | Roderich_schupp | 1.009 (including) | 1.009 (including) |
| Par-packer_module | Roderich_schupp | 1.010 (including) | 1.010 (including) |
| Libpar-packer-perl | Ubuntu | hardy | * |
| Libpar-packer-perl | Ubuntu | lucid | * |
| Libpar-packer-perl | Ubuntu | maverick | * |
| Libpar-packer-perl | Ubuntu | natty | * |
| Libpar-packer-perl | Ubuntu | oneiric | * |
| Libpar-packer-perl | Ubuntu | upstream | * |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560