Описание
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
Отчет
This issue did not affect the versions of php-pear as shipped with Red Hat Enterprise Linux 5, 6 and 7 as well as Red Hat Software Collections as they do not use a world-writable directory for storing PEAR cache data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php-pear | Not affected | ||
| Red Hat Enterprise Linux 6 | php-pear | Not affected | ||
| Red Hat Enterprise Linux 7 | php-pear | Not affected | ||
| Red Hat Software Collections | php54-php-pear | Not affected | ||
| Red Hat Software Collections | php55-php-pear | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.6 Low
CVSS2
Связанные уязвимости
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
EPSS
3.6 Low
CVSS2