CVE-2008-2827

perl - Arbitrary File Permission Modification via Symlink Attack in rmtree Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2827. PoCs published by Frans Pop.

AI-analyzed exploit summary This exploit demonstrates a local vulnerability in Perl 5.10.0 where the `rmtree` function from `File::Path` incorrectly follows symbolic links, allowing an attacker to change the permissions of arbitrary files. The PoC creates a symbolic link and uses `rmtree` to modify the permissions of the target file.

Description

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Frans Pop · textlocallinux

https://www.exploit-db.com/exploits/31959

View Code ZIP pw:eip

This exploit demonstrates a local vulnerability in Perl 5.10.0 where the `rmtree` function from `File::Path` incorrectly follows symbolic links, allowing an attacker to change the permissions of arbitrary files. The PoC creates a symbolic link and uses `rmtree` to modify the permissions of the target file.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Perl 5.10.0

No auth needed

Prerequisites: Local access to the system · Perl 5.10.0 installed

MITRE ATT&CK