
Perl Config::IniFiles Module Insecure Temporary File Security Issue


Secunia ID

SA48990

CVE-ID

CVE-2012-2451

Release Date

03 May 2012

Criticality

Not Critical

Solution Status

Vendor Patch

Software

Config::IniFiles 2.x (module for Perl)

Where

Local system

Impact

Privilege escalation

This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.

This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.

Description

A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused by the application using a temporary file in an insecure manner, which can be exploited to, e.g., overwrite arbitrary files via symlink attacks.

The security issue is reported in versions prior to 2.71.
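
The class of flaw described above, shown beside a hardened form, as an added example that is not taken from Config::IniFiles or its patch. The `-new` suffix, the function names and the scratch paths are assumptions made for illustration, and the script assumes a POSIX system where `symlink` is available.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile tempdir);

# Weak: the temporary name is predictable and open '>' follows a symlink
# that already exists at that path, truncating whatever it points to.
sub write_predictable {
    my ($target, $content) = @_;
    my $tmp = "$target-new";    # hypothetical predictable name
    open(my $fh, '>', $tmp) or die "open $tmp: $!";
    print {$fh} $content;
    close($fh) or die "close $tmp: $!";
    rename($tmp, $target) or die "rename $tmp: $!";
}

# Hardened: File::Temp chooses a random name and opens with O_CREAT|O_EXCL,
# so an existing file or symlink at that path is never followed.
sub write_safe {
    my ($target, $content) = @_;
    my ($fh, $tmp) = tempfile('.cfg-XXXXXXXX', DIR => dirname($target));
    print {$fh} $content;
    close($fh) or die "close $tmp: $!";
    rename($tmp, $target) or die "rename $tmp: $!";    # same directory, atomic
}

sub slurp { my ($p) = @_; open(my $fh, '<', $p) or die "open $p: $!"; local $/; return <$fh> }
sub spew  { my ($p, $c) = @_; open(my $fh, '>', $p) or die "open $p: $!"; print {$fh} $c; close($fh) }

# Constructed scenario, confined to a private scratch directory.
my $dir       = tempdir(CLEANUP => 1);
my $target    = "$dir/app.ini";
my $unrelated = "$dir/unrelated.txt";

for my $writer (\&write_predictable, \&write_safe) {
    unlink $target, "$target-new";
    spew($unrelated, "original\n");
    symlink($unrelated, "$target-new") or die "symlink: $!";    # pre-planted link
    $writer->($target, "[section]\nkey=value\n");
    my $state = slurp($unrelated) eq "original\n" ? 'intact' : 'OVERWRITTEN';
    my $name  = $writer == \&write_predictable ? 'predictable' : 'File::Temp';
    print "$name: unrelated file $state\n";
}
```

Files created by `tempfile` get mode 0600, so code that replaces an existing configuration file this way should restore the intended permissions before the `rename`.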

Solution

Update to version 2.71.

Reported by

Reported by the vendor.

Original Advisory

https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59