VIR Vulnerability Intelligence Relay

CVE-2011-5060

low
Published 2012-01-13 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
3.3

Description

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 1.005-1
sid Fixed 1.005-1
forky Fixed 1.005-1
bullseye Fixed 1.005-1
bookworm Fixed 1.005-1

Application impact
VendorProductVersionsFixed
roderich_schupppar-packer_module{"endIncluding":"1.002"}
roderich_schupppar-packer_module0.63
roderich_schupppar-packer_module0.64
roderich_schupppar-packer_module0.65
roderich_schupppar-packer_module0.66
roderich_schupppar-packer_module0.67
roderich_schupppar-packer_module0.68
roderich_schupppar-packer_module0.69
roderich_schupppar-packer_module0.70
roderich_schupppar-packer_module0.71
roderich_schupppar-packer_module0.72
roderich_schupppar-packer_module0.73
roderich_schupppar-packer_module0.74
roderich_schupppar-packer_module0.75
roderich_schupppar-packer_module0.76
roderich_schupppar-packer_module0.77
roderich_schupppar-packer_module0.78
roderich_schupppar-packer_module0.79
roderich_schupppar-packer_module0.80
roderich_schupppar-packer_module0.81
roderich_schupppar-packer_module0.82
roderich_schupppar-packer_module0.83
roderich_schupppar-packer_module0.85
roderich_schupppar-packer_module0.86
roderich_schupppar-packer_module0.87
roderich_schupppar-packer_module0.88
roderich_schupppar-packer_module0.89
roderich_schupppar-packer_module0.90
roderich_schupppar-packer_module0.91
roderich_schupppar-packer_module0.92
roderich_schupppar-packer_module0.93
roderich_schupppar-packer_module0.94
roderich_schupppar-packer_module0.941
roderich_schupppar-packer_module0.942
roderich_schupppar-packer_module0.951
roderich_schupppar-packer_module0.952
roderich_schupppar-packer_module0.953
roderich_schupppar-packer_module0.954
roderich_schupppar-packer_module0.955
roderich_schupppar-packer_module0.956
roderich_schupppar-packer_module0.957
roderich_schupppar-packer_module0.958
roderich_schupppar-packer_module0.959
roderich_schupppar-packer_module0.960
roderich_schupppar-packer_module0.970
roderich_schupppar-packer_module0.973
roderich_schupppar-packer_module0.975
roderich_schupppar-packer_module0.976
roderich_schupppar-packer_module0.977
roderich_schupppar-packer_module0.978
roderich_schupppar-packer_module0.979
roderich_schupppar-packer_module0.980
roderich_schupppar-packer_module0.981
roderich_schupppar-packer_module0.982
roderich_schupppar-packer_module0.991
roderich_schupppar-packer_module0.992_01
roderich_schupppar-packer_module0.992_02
roderich_schupppar-packer_module0.992_03
roderich_schupppar-packer_module0.992_04
roderich_schupppar-packer_module0.992_05
roderich_schupppar-packer_module0.992_06
roderich_schupppar-packer_module1.000
roderich_schupppar-packer_module1.001

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.