This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Php
Product: Pear
Version: 1.9.2
Type: Application
First view: 2011-03-02
Last view: 2011-03-02
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:php:pear

Related : CVE

  Date Alert Description
3.3 2011-03-02 CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
75083 PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw...

OpenVAS Exploits

id Description
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-1.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1126-2.nasl - Type: ACT_GATHER_INFO