03 May 2012
Config::IniFiles 2.x (module for Perl)
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the application using a temporary file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.
The security issue is reported in versions prior to 2.71.
Update to version 2.71.
Reported by the vendor.