|Main Archive Page > Month Archives > full-disclosure-uk archives|
rPath Security Advisory: 2009-0011-1
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Exposure Level Classification:
Local Root Non-Deterministic Weakness Updated Versions:
rPath Issue Tracking System:
Previous versions of Perl contained a race condition in the rmtree function of the File::Path module that allowed local users to create arbitrary setuid binaries via a symlink attack. This is a regression related to CVE-2005-0448.
Additionally a double free vulnerability exists that allows context-dependent attackers to cause a denial of service via a crafted regular expression containing UTF8 characters.
Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html