CVE-2017-6512

Published: 01 June 2017

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
Upstream
Released (5.24.1-3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (5.22.1-9ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.18.2-2ubuntu1.4)
Patches:
Upstream: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2