This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Php | First view | 2011-03-02 |
| Product | Pear | Last view | 2011-03-02 |
| Version | 1.9.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:php:pear | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.3 | 2011-03-02 | CVE-2011-1144 | The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. |
| 3.3 | 2011-03-02 | CVE-2011-1072 | The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75083 | PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-07-09 | Name : RedHat Update for php-pear RHSA-2011:1741-03 File : nvt/gb_RHSA-2011_1741-03_php-pear.nasl |
| 2012-03-12 | Name : Debian Security Advisory DSA 2408-1 (php5) File : nvt/deb_2408_1.nasl |
| 2011-12-16 | Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear) File : nvt/gb_mandriva_MDVSA_2011_187.nasl |
| 2011-05-10 | Name : Ubuntu Update for php5 USN-1126-1 File : nvt/gb_ubuntu_USN_1126_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for php5 USN-1126-2 File : nvt/gb_ubuntu_USN_1126_2.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-182.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20111206_php_pear_on_SL6.nasl - Type: ACT_GATHER_INFO |
| 2012-04-13 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_apache2-mod_php5-120309.nasl - Type: ACT_GATHER_INFO |
| 2012-02-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2408.nasl - Type: ACT_GATHER_INFO |
| 2011-12-16 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2011-187.nasl - Type: ACT_GATHER_INFO |
| 2011-12-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-1741.nasl - Type: ACT_GATHER_INFO |
| 2011-06-13 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1126-1.nasl - Type: ACT_GATHER_INFO |
| 2011-06-13 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1126-2.nasl - Type: ACT_GATHER_INFO |
