VULNERABILITIES / FIXES - May 03, 2012
by Carol~ - 5/3/12 8:03 AM
Perl Config::IniFiles Module Insecure Temporary File Security Issue
Release Date : 2012-05-03
Criticality level : Not critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch
Software: Config::IniFiles 2.x (module for Perl)
A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the application using a temporary file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.
The security issue is reported in versions prior to 2.71.
Update to version 2.71.
Provided and/or discovered by:
Reported by the vendor.