CVE-2011-5060 : The par_mktmpdir function in the PAR module before 1.003 for Perl creates tempor

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

Published 2012-01-13 19:55:01

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2011-5060

Roderich Schupp » Par-packer Module
Versions up to, including, (<=) 1.002
cpe:2.3:a:roderich_schupp:par-packer_module:*:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 1.001
cpe:2.3:a:roderich_schupp:par-packer_module:1.001:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 1.000
cpe:2.3:a:roderich_schupp:par-packer_module:1.000:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 06
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 05
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.975
cpe:2.3:a:roderich_schupp:par-packer_module:0.975:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.973
cpe:2.3:a:roderich_schupp:par-packer_module:0.973:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.970
cpe:2.3:a:roderich_schupp:par-packer_module:0.970:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.960
cpe:2.3:a:roderich_schupp:par-packer_module:0.960:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.92
cpe:2.3:a:roderich_schupp:par-packer_module:0.92:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.91
cpe:2.3:a:roderich_schupp:par-packer_module:0.91:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.90
cpe:2.3:a:roderich_schupp:par-packer_module:0.90:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.89
cpe:2.3:a:roderich_schupp:par-packer_module:0.89:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.74
cpe:2.3:a:roderich_schupp:par-packer_module:0.74:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.73
cpe:2.3:a:roderich_schupp:par-packer_module:0.73:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.72
cpe:2.3:a:roderich_schupp:par-packer_module:0.72:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.71
cpe:2.3:a:roderich_schupp:par-packer_module:0.71:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 04
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 02
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.978
cpe:2.3:a:roderich_schupp:par-packer_module:0.978:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.976
cpe:2.3:a:roderich_schupp:par-packer_module:0.976:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.959
cpe:2.3:a:roderich_schupp:par-packer_module:0.959:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.957
cpe:2.3:a:roderich_schupp:par-packer_module:0.957:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.955
cpe:2.3:a:roderich_schupp:par-packer_module:0.955:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.942
cpe:2.3:a:roderich_schupp:par-packer_module:0.942:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.94
cpe:2.3:a:roderich_schupp:par-packer_module:0.94:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.87
cpe:2.3:a:roderich_schupp:par-packer_module:0.87:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.85
cpe:2.3:a:roderich_schupp:par-packer_module:0.85:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.77
cpe:2.3:a:roderich_schupp:par-packer_module:0.77:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.75
cpe:2.3:a:roderich_schupp:par-packer_module:0.75:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.70
cpe:2.3:a:roderich_schupp:par-packer_module:0.70:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.68
cpe:2.3:a:roderich_schupp:par-packer_module:0.68:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.991
cpe:2.3:a:roderich_schupp:par-packer_module:0.991:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.982
cpe:2.3:a:roderich_schupp:par-packer_module:0.982:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.981
cpe:2.3:a:roderich_schupp:par-packer_module:0.981:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.980
cpe:2.3:a:roderich_schupp:par-packer_module:0.980:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.954
cpe:2.3:a:roderich_schupp:par-packer_module:0.954:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.953
cpe:2.3:a:roderich_schupp:par-packer_module:0.953:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.952
cpe:2.3:a:roderich_schupp:par-packer_module:0.952:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.951
cpe:2.3:a:roderich_schupp:par-packer_module:0.951:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.83
cpe:2.3:a:roderich_schupp:par-packer_module:0.83:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.82
cpe:2.3:a:roderich_schupp:par-packer_module:0.82:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.81
cpe:2.3:a:roderich_schupp:par-packer_module:0.81:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.80
cpe:2.3:a:roderich_schupp:par-packer_module:0.80:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.79
cpe:2.3:a:roderich_schupp:par-packer_module:0.79:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.66
cpe:2.3:a:roderich_schupp:par-packer_module:0.66:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.65
cpe:2.3:a:roderich_schupp:par-packer_module:0.65:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.64
cpe:2.3:a:roderich_schupp:par-packer_module:0.64:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.63
cpe:2.3:a:roderich_schupp:par-packer_module:0.63:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 03
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.992 01
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.979
cpe:2.3:a:roderich_schupp:par-packer_module:0.979:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.977
cpe:2.3:a:roderich_schupp:par-packer_module:0.977:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.958
cpe:2.3:a:roderich_schupp:par-packer_module:0.958:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.956
cpe:2.3:a:roderich_schupp:par-packer_module:0.956:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.941
cpe:2.3:a:roderich_schupp:par-packer_module:0.941:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.93
cpe:2.3:a:roderich_schupp:par-packer_module:0.93:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.88
cpe:2.3:a:roderich_schupp:par-packer_module:0.88:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.86
cpe:2.3:a:roderich_schupp:par-packer_module:0.86:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.78
cpe:2.3:a:roderich_schupp:par-packer_module:0.78:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.76
cpe:2.3:a:roderich_schupp:par-packer_module:0.76:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.69
cpe:2.3:a:roderich_schupp:par-packer_module:0.69:*:*:*:*:*:*:*
Matching versions
Roderich Schupp » Par-packer Module » Version: 0.67
cpe:2.3:a:roderich_schupp:par-packer_module:0.67:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-5060

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-5060

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:P	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-5060

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-5060

https://rt.cpan.org/Public/Bug/Display.html?id=69560

Bug #69560 for PAR-Packer: PAR packed files are extracted to unsafe and predictable temporary directories

CVEs referencing this url
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435

PAR module par_mktmpdir symlink CVE-2011-5060 Vulnerability Report
https://bugzilla.redhat.com/show_bug.cgi?id=753955

753955 – (CVE-2011-4114, CVE-2011-5060) CVE-2011-4114 CVE-2011-5060 perl-PAR-Packer/perl-PAR: insecure temporary directory handling
Patch

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-5060

Products affected by CVE-2011-5060

Exploit prediction scoring system (EPSS) score for CVE-2011-5060

CVSS scores for CVE-2011-5060

CWE ids for CVE-2011-5060

References for CVE-2011-5060