This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Php
Product: Pear
Version: 1.5.1
Type: Application
First view: 2011-03-02
Last view: 2011-03-02
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:php:pear

Related : CVE

  Date Alert Description
3.3 2011-03-02 CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

3.3 2011-03-02 CVE-2011-1072

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

CWE : Common Weakness Enumeration

% id Name
100% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
75083 PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw...

OpenVAS Exploits

id Description
2012-07-09 Name : RedHat Update for php-pear RHSA-2011:1741-03
File : nvt/gb_RHSA-2011_1741-03_php-pear.nasl
2012-03-12 Name : Debian Security Advisory DSA 2408-1 (php5)
File : nvt/deb_2408_1.nasl
2011-12-16 Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear)
File : nvt/gb_mandriva_MDVSA_2011_187.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-182.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20111206_php_pear_on_SL6.nasl - Type: ACT_GATHER_INFO
2012-04-13 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_apache2-mod_php5-120309.nasl - Type: ACT_GATHER_INFO
2012-02-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2408.nasl - Type: ACT_GATHER_INFO
2011-12-16 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-187.nasl - Type: ACT_GATHER_INFO
2011-12-06 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2011-1741.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-1.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-2.nasl - Type: ACT_GATHER_INFO