Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-6512

Published: 1 June 2017

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(5.26.0-5)
precise
Released (5.14.2-6ubuntu2.7)
trusty
Released (5.18.2-2ubuntu1.4)
upstream
Released (5.24.1-3)
xenial
Released (5.22.1-9ubuntu0.3)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2