CVE-2011-4114
- Source
- https://cve.org/CVERecord?id=CVE-2011-4114
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-4114.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2011-4114
- Downstream
- Related
- Published
- 2012-01-13T18:55:03Z
- Modified
- 2026-04-10T03:42:01.847268Z
- Summary
- [none]
- Details
-
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
- References
-
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://rt.cpan.org/Public/Bug/Display.html?id=69560