Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-10374

Опубликовано: 17 мая 2017
Источник: ubuntu
Приоритет: low
CVSS2: 2.1
CVSS3: 5.5

Описание

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

20140328-2
cosmic

not-affected

20140328-2
devel

not-affected

20140328-2
disco

not-affected

20140328-2
eoan

not-affected

20140328-2
esm-apps/bionic

not-affected

20140328-2
esm-apps/focal

not-affected

20140328-2
esm-apps/jammy

not-affected

20140328-2
esm-apps/noble

not-affected

20140328-2

Показывать по

Ссылки на источники

2.1 Low

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-10374

CVSS3: 2.8
redhat
больше 9 лет назад

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

nvd логотип

CVE-2016-10374

CVSS3: 5.5
nvd
больше 8 лет назад

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

debian логотип

CVE-2016-10374

CVSS3: 5.5
debian
больше 8 лет назад

perltidy through 20160302, as used by perlcritic, check-all-the-things ...

github логотип

GHSA-hxj7-36fx-62r2

CVSS3: 5.5
github
больше 3 лет назад

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

2.1 Low

CVSS2

5.5 Medium

CVSS3