This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Php
Product : Pear
Version : 1.2
Update : b5
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Application
First view : 2005-12-10
Last view : 2011-03-02
 
CPE Product cpe:2.3:a:php:pear

Related : CVE

  Date Alert Description
3.3 2011-03-02 CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

3.3 2011-03-02 CVE-2011-1072

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

5.1 2005-12-10 CVE-2005-4154

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

CWE : Common Weakness Enumeration

% id Name
100% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
75083 PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw...
20856 PEAR Installer Crafted Package Arbitrary Command Execution

OpenVAS Exploits

id Description
2012-07-09 Name : RedHat Update for php-pear RHSA-2011:1741-03
File : nvt/gb_RHSA-2011_1741-03_php-pear.nasl
2012-03-12 Name : Debian Security Advisory DSA 2408-1 (php5)
File : nvt/deb_2408_1.nasl
2011-12-16 Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear)
File : nvt/gb_mandriva_MDVSA_2011_187.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-182.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20111206_php_pear_on_SL6.nasl - Type: ACT_GATHER_INFO
2012-04-13 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_apache2-mod_php5-120309.nasl - Type: ACT_GATHER_INFO
2012-02-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2408.nasl - Type: ACT_GATHER_INFO
2011-12-16 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-187.nasl - Type: ACT_GATHER_INFO
2011-12-06 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-1741.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-1.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-2.nasl - Type: ACT_GATHER_INFO