Candidate: CVE-2011-4114 PublicDate: 2012-01-13 18:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4114 Description: The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. Ubuntu-Description: Notes: sbeattie> libpar-perl issued the fix for this issue annotated with sbeattie> CVE-2011-4114; however, it subsequently got split out into a sbeattie> separate cve, CVE-2011-5060. Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650706 Priority: low Discovered-by: Assigned-to: CVSS: Patches_libpar-packer-perl: upstream_libpar-packer-perl: released (1.012) hardy_libpar-packer-perl: ignored (reached end-of-life) lucid_libpar-packer-perl: ignored (reached end-of-life) maverick_libpar-packer-perl: ignored (reached end-of-life) natty_libpar-packer-perl: ignored (reached end-of-life) oneiric_libpar-packer-perl: ignored (reached end-of-life) precise_libpar-packer-perl: not-affected (1.012-1) quantal_libpar-packer-perl: not-affected (1.012-1) raring_libpar-packer-perl: not-affected (1.012-1) saucy_libpar-packer-perl: not-affected (1.012-1) devel_libpar-packer-perl: not-affected (1.012-1) Patches_libpar-perl: upstream_libpar-perl: not-affected (see CVE-2011-5060) hardy_libpar-perl: not-affected (see CVE-2011-5060) lucid_libpar-perl: not-affected (see CVE-2011-5060) maverick_libpar-perl: not-affected (see CVE-2011-5060) natty_libpar-perl: not-affected (see CVE-2011-5060) oneiric_libpar-perl: not-affected (see CVE-2011-5060) precise_libpar-perl: not-affected (see CVE-2011-5060) quantal_libpar-perl: not-affected (see CVE-2011-5060) raring_libpar-perl: not-affected (see CVE-2011-5060) saucy_libpar-perl: not-affected (see CVE-2011-5060) devel_libpar-perl: not-affected (see CVE-2011-5060)