The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File:ath, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.
Continue reading...
Continue reading...