The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Par-packer_module | Roderich_schupp | 0.941 | 0.941 |
| Par-packer_module | Roderich_schupp | 0.64 | 0.64 |
| Par-packer_module | Roderich_schupp | 0.72 | 0.72 |
| Par-packer_module | Roderich_schupp | 0.82 | 0.82 |
| Par-packer_module | Roderich_schupp | 0.75 | 0.75 |
| Par-packer_module | Roderich_schupp | 0.66 | 0.66 |
| Par-packer_module | Roderich_schupp | 0.71 | 0.71 |
| Par-packer_module | Roderich_schupp | 0.78 | 0.78 |
| Par-packer_module | Roderich_schupp | 0.69 | 0.69 |
| Par-packer_module | Roderich_schupp | 0.70 | 0.70 |
| Par-packer_module | Roderich_schupp | 0.954 | 0.954 |
| Par-packer_module | Roderich_schupp | 0.957 | 0.957 |
| Par-packer_module | Roderich_schupp | 0.977 | 0.977 |
| Par-packer_module | Roderich_schupp | 0.942 | 0.942 |
| Par-packer_module | Roderich_schupp | 0.970 | 0.970 |
| Par-packer_module | Roderich_schupp | 0.76 | 0.76 |
| Par-packer_module | Roderich_schupp | 0.89 | 0.89 |
| Par-packer_module | Roderich_schupp | 0.955 | 0.955 |
| Par-packer_module | Roderich_schupp | 0.981 | 0.981 |
| Par-packer_module | Roderich_schupp | 0.88 | 0.88 |
| Par-packer_module | Roderich_schupp | 0.979 | 0.979 |
| Par-packer_module | Roderich_schupp | 0.992_03 | 0.992_03 |
| Par-packer_module | Roderich_schupp | 0.960 | 0.960 |
| Par-packer_module | Roderich_schupp | 0.94 | 0.94 |
| Par-packer_module | Roderich_schupp | 0.90 | 0.90 |
| Par-packer_module | Roderich_schupp | 0.980 | 0.980 |
| Par-packer_module | Roderich_schupp | 0.956 | 0.956 |
| Par-packer_module | Roderich_schupp | 0.959 | 0.959 |
| Par-packer_module | Roderich_schupp | 1.001 | 1.001 |
| Par-packer_module | Roderich_schupp | 0.67 | 0.67 |
| Par-packer_module | Roderich_schupp | 0.973 | 0.973 |
| Par-packer_module | Roderich_schupp | 0.73 | 0.73 |
| Par-packer_module | Roderich_schupp | 0.86 | 0.86 |
| Par-packer_module | Roderich_schupp | 0.992_06 | 0.992_06 |
| Par-packer_module | Roderich_schupp | 0.953 | 0.953 |
| Par-packer_module | Roderich_schupp | 0.81 | 0.81 |
| Par-packer_module | Roderich_schupp | 0.976 | 0.976 |
| Par-packer_module | Roderich_schupp | * | 1.002 |
| Par-packer_module | Roderich_schupp | 0.992_01 | 0.992_01 |
| Par-packer_module | Roderich_schupp | 0.952 | 0.952 |
| Par-packer_module | Roderich_schupp | 0.83 | 0.83 |
| Par-packer_module | Roderich_schupp | 0.93 | 0.93 |
| Par-packer_module | Roderich_schupp | 0.992_05 | 0.992_05 |
| Par-packer_module | Roderich_schupp | 0.992_04 | 0.992_04 |
| Par-packer_module | Roderich_schupp | 0.92 | 0.92 |
| Par-packer_module | Roderich_schupp | 0.63 | 0.63 |
| Par-packer_module | Roderich_schupp | 0.85 | 0.85 |
| Par-packer_module | Roderich_schupp | 0.77 | 0.77 |
| Par-packer_module | Roderich_schupp | 0.74 | 0.74 |
| Par-packer_module | Roderich_schupp | 0.992_02 | 0.992_02 |
| Par-packer_module | Roderich_schupp | 0.975 | 0.975 |
| Par-packer_module | Roderich_schupp | 0.68 | 0.68 |
| Par-packer_module | Roderich_schupp | 0.978 | 0.978 |
| Par-packer_module | Roderich_schupp | 0.80 | 0.80 |
| Par-packer_module | Roderich_schupp | 0.87 | 0.87 |
| Par-packer_module | Roderich_schupp | 0.991 | 0.991 |
| Par-packer_module | Roderich_schupp | 0.79 | 0.79 |
| Par-packer_module | Roderich_schupp | 0.958 | 0.958 |
| Par-packer_module | Roderich_schupp | 1.000 | 1.000 |
| Par-packer_module | Roderich_schupp | 0.951 | 0.951 |
| Par-packer_module | Roderich_schupp | 0.91 | 0.91 |
| Par-packer_module | Roderich_schupp | 0.982 | 0.982 |
| Par-packer_module | Roderich_schupp | 0.65 | 0.65 |