3.6

CVE-2012-2451

Exploit

EPSS 0.06%
Veröffentlicht 27.06.2012 21:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.  NOTE: some of these details are obtained from third party information.  NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shlomi Fish ≫ Config-inifiles Version <= 2.70

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.173

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html

http://secunia.com/advisories/48990

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/05/02/6

http://www.osvdb.org/81671

http://www.securityfocus.com/bid/53361

http://www.ubuntu.com/usn/USN-1543-1

https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59

Patch

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=818386

https://exchange.xforce.ibmcloud.com/vulnerabilities/75328

https://nvd.nist.gov/vuln/detail/CVE-2012-2451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2451

EUVD