Vigil@nce - perl File-Path: permission tampering
August 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link, in order to change
the access rights assigned to the pointed file, with the
privileges of the process using the Perl module File::Path.
Impacted products: Debian, Fedora, Kubernetes, OpenBSD.
Severity: 2/4.
Creation date: 06/06/2017.
DESCRIPTION OF THE VULNERABILITY
A local attacker can create a symbolic link, in order to change
the access rights assigned to the pointed file, with the
privileges of the process using the Perl module File::Path.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/perl-File-Path-permission-tampering-22899