CVE-2006-1280

NameCVE-2006-1280
DescriptionCGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs356555

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcgi-session-perl (PTS)buster, bullseye4.48-3fixed
sid, trixie, bookworm4.48-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcgi-session-perlsource(unstable)4.07-1low356555

Notes

[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
Search for package or bug name: Reporting problems