CVE-2011-5060

Name: CVE-2011-5060

Description: The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Debian Bugs: 650707

Vulnerable and fixed packages

The table below lists information on source packages.

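| Source Package | Release | Version | Status |
|---|---|---|---|
| libpar-perl (PTS) | buster | 1.015-1 | fixed |
| libpar-perl | bullseye | 1.017-1 | fixed |
| libpar-perl | bookworm | 1.018-2 | fixed |
| libpar-perl | sid, trixie | 1.020-1 | fixed |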

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libpar-perl | source | squeeze | 1.000-1+squeeze1 | | | |
| libpar-perl | source | (unstable) | 1.005-1 | | | 650707 |
