Summary
Detail | |||
---|---|---|---|
Vendor | Php | First view | 2011-03-02 |
Product | Pear | Last view | 2011-03-02 |
Version | 1.9.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:php:pear |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
3.3 | 2011-03-02 | CVE-2011-1144 | The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. |
3.3 | 2011-03-02 | CVE-2011-1072 | The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75083 | PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw... |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-09 | Name : RedHat Update for php-pear RHSA-2011:1741-03 File : nvt/gb_RHSA-2011_1741-03_php-pear.nasl |
2012-03-12 | Name : Debian Security Advisory DSA 2408-1 (php5) File : nvt/deb_2408_1.nasl |
2011-12-16 | Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear) File : nvt/gb_mandriva_MDVSA_2011_187.nasl |
2011-05-10 | Name : Ubuntu Update for php5 USN-1126-1 File : nvt/gb_ubuntu_USN_1126_1.nasl |
2011-05-10 | Name : Ubuntu Update for php5 USN-1126-2 File : nvt/gb_ubuntu_USN_1126_2.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-182.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20111206_php_pear_on_SL6.nasl - Type: ACT_GATHER_INFO |
2012-04-13 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_apache2-mod_php5-120309.nasl - Type: ACT_GATHER_INFO |
2012-02-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2408.nasl - Type: ACT_GATHER_INFO |
2011-12-16 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-187.nasl - Type: ACT_GATHER_INFO |
2011-12-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-1741.nasl - Type: ACT_GATHER_INFO |
2011-06-13 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1126-1.nasl - Type: ACT_GATHER_INFO |
2011-06-13 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1126-2.nasl - Type: ACT_GATHER_INFO |