Search for vulnerabilities
Vulnerability details: VCID-zukg-ypv2-aaap
Vulnerability ID VCID-zukg-ypv2-aaap
Aliases CVE-2008-2827
Summary The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
Status Published
Exploitability 2.0
Weighted Severity 4.1
Risk 8.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2008-2827
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=452635
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2008-2827
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://rt.cpan.org/Public/Bug/Display.html?id=36982
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2827.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
http://secunia.com/advisories/30790
http://secunia.com/advisories/30837
http://secunia.com/advisories/31687
https://exchange.xforce.ibmcloud.com/vulnerabilities/43308
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:165
http://www.securityfocus.com/bid/29902
http://www.securitytracker.com/id?1020373
452635 https://bugzilla.redhat.com/show_bug.cgi?id=452635
487319 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
CVE-2008-2827 https://nvd.nist.gov/vuln/detail/CVE-2008-2827
CVE-2008-2827;OSVDB-46563 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/31959.txt
CVE-2008-2827;OSVDB-46563 Exploit https://www.securityfocus.com/bid/29902/info
Data source Exploit-DB
Date added June 23, 2008
Description Perl - 'rmtree()' Function Local Insecure Permissions
Ransomware campaign use Known
Source publication date June 23, 2008
Exploit type local
Platform linux
Source update date Feb. 27, 2014
Source URL https://www.securityfocus.com/bid/29902/info
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2827
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10625
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.