CVE-2012-2451 : The Config::IniFiles module before 2.71 for Perl creates temporary files with pr

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

Published 2012-06-27 21:55:03

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2012-2451

Shlomi Fish » Config-inifiles
Versions up to, including, (<=) 2.70
cpe:2.3:a:shlomi_fish:config-inifiles:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2451

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2451

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2012-2451

http://www.ubuntu.com/usn/USN-1543-1

USN-1543-1: Config-IniFiles vulnerability | Ubuntu security notices
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html

[SECURITY] Fedora 16 Update: perl-Config-IniFiles-2.72-1.fc16
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html

[SECURITY] Fedora 15 Update: perl-Config-IniFiles-2.72-1.fc15
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html

[SECURITY] Fedora 17 Update: perl-Config-IniFiles-2.72-1.fc17
http://www.openwall.com/lists/oss-security/2012/05/02/6

oss-security - temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles
http://secunia.com/advisories/48990

Sign in
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/75328

Config::IniFiles module for Perl symlink CVE-2012-2451 Vulnerability Report
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59

shlomif / perl-Config-IniFiles / commit / a08fa26f4f59 — Bitbucket
Exploit;Patch
http://www.securityfocus.com/bid/53361

Perl Config::IniFiles Module Insecure Temporary File Creation Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=818386

818386 – (CVE-2012-2451) CVE-2012-2451 perl-Config-IniFiles: insecure temporary file usage
http://www.osvdb.org/81671

404 Not Found

Jump to

Vulnerability Details : CVE-2012-2451

Products affected by CVE-2012-2451

Exploit prediction scoring system (EPSS) score for CVE-2012-2451

CVSS scores for CVE-2012-2451

References for CVE-2012-2451