CVE-2017-6512

Published: 1 June 2017

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Priority

CVSS 3 base score: 5.9

Status

Package	Release	Status
perl Launchpad, Ubuntu, Debian	artful	Not vulnerable (5.26.0-5)
	precise	Released (5.14.2-6ubuntu2.7)
	trusty	Released (5.18.2-2ubuntu1.4)
	upstream	Released (5.24.1-3)
	xenial	Released (5.22.1-9ubuntu0.3)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
	Patches: upstream: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512
http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes
https://ubuntu.com/security/notices/USN-3625-1
https://ubuntu.com/security/notices/USN-3625-2
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863870
https://rt.cpan.org/Ticket/Display.html?id=121951

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›