CVE-1999-1386

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 31, 1999

Updated: Nov 20, 2024

CWE ID 59

Summary

CVE-1999-1386 is a vulnerability affecting Perl 5.004_04 and earlier versions. This issue arises when the software follows symbolic links during execution with the -e option, enabling local users to overwrite arbitrary files through a symlink attack on the /tmp/perl-eaXXXXX file. This vulnerability poses a significant risk, as an attacker can manipulate critical system files, potentially leading to serious system compromise. To mitigate this threat, it is recommended that users upgrade their Perl installations to a version that addresses this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Perl

Affected Vendors

Perl

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlWLM
https://www.cve.org/CVERecord?id=CVE-1999-1386
https://nvd.nist.gov/vuln/detail/CVE-1999-1386

Back to Vulnerability Database