{"id":"CVE-2011-4114","details":"The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program.  NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.","modified":"2026-04-10T03:42:01.847268Z","published":"2012-01-13T18:55:03Z","related":["openSUSE-SU-2024:10232-1"],"references":[{"type":"FIX","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=753955"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2011/11/04/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2011/11/04/4"},{"type":"WEB","url":"https://rt.cpan.org/Public/Bug/Display.html?id=69560"}],"schema_version":"1.7.5"}