CVE-2016-10374 -- perltidyID: oval:org.secpod.oval:def:1900467 | Date: (C)2019-02-28 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
perltidy through 20160302, as used by perl critic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |