CVE-2011-4116
Published: 31 January 2020
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Notes
| Author | Note |
|---|---|
| seth-arnold | No agreed-upon or released patch exists for _is_safe(). Solar Designer questions the _is_safe() MEDIUM and HIGH checks altogether; attempted patches to check the safety of parent directories forbid /tmp symlinks. It is probably impossible to make _is_safe() secure. Ubuntu symlink and hardlink restrictions should prevent this entire class of problems. |
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
libfile-temp-perl Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Ignored
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Ignored
(reached end-of-life)
|
|
| oneiric |
Ignored
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Ignored
|
|
| This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. | ||
|
perl Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
| lucid |
Ignored
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Ignored
(reached end-of-life)
|
|
| oneiric |
Ignored
|
|
| precise |
Ignored
|
|
| quantal |
Ignored
|
|
| upstream |
Ignored
|
|
| This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. | ||