Description
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
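The mechanism behind this class of bug, as an added illustration that is not PEAR's code: the installer writes package.xml to a predictable name inside a directory a local user can also write to (download_dir, cache_dir, tmp_dir), so an attacker pre-creates that name as a symlink to a file the installing user owns, and the installer's ordinary open-for-write follows the link and overwrites the target. The Python model below re-creates the vulnerable write pattern next to a hardened one that refuses to write through a pre-existing name; the directory layout, file names and contents are constructed for the demonstration and are assumptions, not values taken from PEAR.

```python
import errno
import os
import shutil
import tempfile

# Constructed sample content standing in for the package.xml the installer writes.
PACKAGE_XML = b"<package><name>Example</name></package>"
ORIGINAL = b"original contents\n"


def unsafe_write(path: str, data: bytes) -> None:
    """Model of the vulnerable pattern: open a predictable name for writing.
    If an attacker has already placed a symlink at `path`, open() follows it
    and the data lands in the link target (the "arbitrary file overwrite")."""
    with open(path, "wb") as f:
        f.write(data)


def safe_write(path: str, data: bytes) -> bool:
    """Hardened pattern: O_CREAT|O_EXCL makes open() fail with EEXIST if
    anything already exists at `path`, including a dangling symlink, so the
    name cannot be pre-seeded; O_NOFOLLOW (where the platform has it) is a
    second guard that refuses to follow a link at the final component.
    Returns False instead of writing when the name was already taken."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as e:
        if e.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True


def demo() -> dict:
    """Set up a scratch area modelling a shared cache_dir that the attacker
    seeds before the installer runs, then exercise both write patterns.
    Returns what each pattern did to the victim file."""
    root = tempfile.mkdtemp()
    try:
        victim = os.path.join(root, "victim.conf")       # file the attacker wants clobbered
        with open(victim, "wb") as f:
            f.write(ORIGINAL)
        cache_dir = os.path.join(root, "cache_dir")      # stand-in for PEAR's cache_dir
        os.mkdir(cache_dir)
        link = os.path.join(cache_dir, "package.xml")    # predictable name the installer uses
        os.symlink(victim, link)                          # attacker's pre-placed symlink

        # Vulnerable pattern: the write goes through the link into victim.conf.
        unsafe_write(link, PACKAGE_XML)
        with open(victim, "rb") as f:
            clobbered = f.read() == PACKAGE_XML

        # Reset the victim and try the hardened writer against the same link.
        with open(victim, "wb") as f:
            f.write(ORIGINAL)
        wrote_through_link = safe_write(link, PACKAGE_XML)
        with open(victim, "rb") as f:
            intact = f.read() == ORIGINAL

        # The hardened writer still works for a name nobody has claimed.
        wrote_fresh = safe_write(os.path.join(cache_dir, "fresh.xml"), PACKAGE_XML)

        return {
            "unsafe_clobbered_victim": clobbered,
            "safe_wrote_through_link": wrote_through_link,
            "safe_left_victim_intact": intact,
            "safe_wrote_fresh_name": wrote_fresh,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Refusing a pre-existing name only closes the hole if the directory itself is not under the attacker's control for the whole run; the usual complement is to create a private, unpredictably named working directory (mode 0700, as tempfile.mkdtemp() does) per installation and write package.xml only inside it, rather than at a fixed path in a shared download, cache or temp directory.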
Affected products
- php / pear 1.9.2
- php / pear 0.2.2
- php / pear 0.9
- php / pear 0.10
- php / pear 0.11
- php / pear 0.90
- php / pear 1.0
- php / pear 1.0.1
- php / pear 1.1
- php / pear 1.2
- php / pear 1.2.1
- php / pear 1.3
- php / pear 1.3.1
- php / pear 1.3.3
- php / pear 1.3.3.1
- php / pear 1.3.4
- php / pear 1.3.5
- php / pear 1.3.6
- php / pear 1.4.0
- php / pear 1.4.1
- php / pear 1.4.2
- php / pear 1.5.0
- php / pear 1.5.1
- php / pear 1.6.1
- php / pear 1.9.1
References
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/02/28/5
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/03/01/7
- MISC: http://pear.php.net/bugs/bug.php?id=18056
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/03/01/8
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/65911
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/03/01/5
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/03/01/4
- MAILING_LIST: http://openwall.com/lists/oss-security/2011/03/01/9