Описание
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.1.2-1ubuntu3.22 |
| devel | not-affected | |
| hardy | released | 5.2.4-2ubuntu5.15 |
| karmic | released | 5.2.10.dfsg.1-2ubuntu6.9 |
| lucid | released | 5.3.2-1ubuntu4.8 |
| maverick | released | 5.3.3-1ubuntu9.4 |
| natty | not-affected | |
| upstream | released | 5.2.11.dsfg.1-1 |
Показывать по
EPSS
3.3 Low
CVSS2
Связанные уязвимости
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
The installer in PEAR before 1.9.2 allows local users to overwrite arb ...
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
ELSA-2011-1741: php-pear security and bug fix update (LOW)
EPSS
3.3 Low
CVSS2