CVE-2011-5060

Name: CVE-2011-5060
Creator: NVD / NIST
Published: 2012-01-13T19:55:01.203+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.31%

Last modified Jun 16, 2026

CVE-2011-5060 is a vulnerability of currently unknown severity. The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.

Description

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

Metrics

EPSS Probability

0.31%

22.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Roderich Schupp	Par-Packer Module	<= 1.002
Roderich Schupp	Par-Packer Module	0.63
Roderich Schupp	Par-Packer Module	0.64
Roderich Schupp	Par-Packer Module	0.65
Roderich Schupp	Par-Packer Module	0.66
Roderich Schupp	Par-Packer Module	0.67
Roderich Schupp	Par-Packer Module	0.68
Roderich Schupp	Par-Packer Module	0.69
Roderich Schupp	Par-Packer Module	0.70
Roderich Schupp	Par-Packer Module	0.71
Roderich Schupp	Par-Packer Module	0.72
Roderich Schupp	Par-Packer Module	0.73
Roderich Schupp	Par-Packer Module	0.74
Roderich Schupp	Par-Packer Module	0.75
Roderich Schupp	Par-Packer Module	0.76
Roderich Schupp	Par-Packer Module	0.77
Roderich Schupp	Par-Packer Module	0.78
Roderich Schupp	Par-Packer Module	0.79
Roderich Schupp	Par-Packer Module	0.80
Roderich Schupp	Par-Packer Module	0.81
Roderich Schupp	Par-Packer Module	0.82
Roderich Schupp	Par-Packer Module	0.83
Roderich Schupp	Par-Packer Module	0.85
Roderich Schupp	Par-Packer Module	0.86
Roderich Schupp	Par-Packer Module	0.87
Roderich Schupp	Par-Packer Module	0.88
Roderich Schupp	Par-Packer Module	0.89
Roderich Schupp	Par-Packer Module	0.90
Roderich Schupp	Par-Packer Module	0.91
Roderich Schupp	Par-Packer Module	0.92
Roderich Schupp	Par-Packer Module	0.93
Roderich Schupp	Par-Packer Module	0.94
Roderich Schupp	Par-Packer Module	0.941
Roderich Schupp	Par-Packer Module	0.942
Roderich Schupp	Par-Packer Module	0.951
Roderich Schupp	Par-Packer Module	0.952
Roderich Schupp	Par-Packer Module	0.953
Roderich Schupp	Par-Packer Module	0.954
Roderich Schupp	Par-Packer Module	0.955
Roderich Schupp	Par-Packer Module	0.956
Roderich Schupp	Par-Packer Module	0.957
Roderich Schupp	Par-Packer Module	0.958
Roderich Schupp	Par-Packer Module	0.959
Roderich Schupp	Par-Packer Module	0.960
Roderich Schupp	Par-Packer Module	0.970
Roderich Schupp	Par-Packer Module	0.973
Roderich Schupp	Par-Packer Module	0.975
Roderich Schupp	Par-Packer Module	0.976
Roderich Schupp	Par-Packer Module	0.977
Roderich Schupp	Par-Packer Module	0.978

Showing 50 of 63 affected configurations. See NVD for the full list.

References

Timeline

Published: Jan 13, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-5060?

How severe is CVE-2011-5060?

Severity scoring for CVE-2011-5060 is pending analysis. The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.

How do I fix CVE-2011-5060?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-5060?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST