CVE-2011-1072 – php-pear: symlink vulnerability in PEAR installer
https://notcve.org/view.php?id=CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. El instalador de PEAR en versiones anteriores a la 1.9.2 permite a usuarios locales sobreescribir ficheros de su elección a través de un ataque de enlace simbólico ("symlink attack") en el fichero package.xml. Relacionado con los directorios (1) download_dir, (2) cache_dir, (3) tmp_dir y (4) pear-build-download. Una vulnerabilidad distinta a la CVE-2007-2519. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164 http://news.php.net/php.pear.cvs/61264 http://openwall.com/lists/oss-security/2011/02/28/12 http://openwall.com/lists/oss-security/2011/02/28/3 http://openwall.com/lists/oss-security/2011/02/28/5 http://openwall.com/lists/oss-security/2011/03/01/4 http://openwall.com/lists/oss-security/2011/03/01/5 http://openwall.com/lists/oss-security/2011/03/01/7 http://openwall.com/lists/oss • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2011-1144
https://notcve.org/view.php?id=CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. El instalador de PEAR 1.9.2 y versiones anteriores permite a los usuarios locales sobreescribir archivos de su elección a través de un ataque de enlace simbólico ("symlink attack") en el fichero package.xml. Relacionado con los directorios (1) download_dir, (2) cache_dir, (3) tmp_dir y (4) pear-build-download. NOTA: esta vulnerabilidad existe debido a una solución incompleta del CVE-2011-1072. • http://openwall.com/lists/oss-security/2011/02/28/5 http://openwall.com/lists/oss-security/2011/03/01/4 http://openwall.com/lists/oss-security/2011/03/01/5 http://openwall.com/lists/oss-security/2011/03/01/7 http://openwall.com/lists/oss-security/2011/03/01/8 http://openwall.com/lists/oss-security/2011/03/01/9 http://pear.php.net/bugs/bug.php?id=18056 https://exchange.xforce.ibmcloud.com/vulnerabilities/65911 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2009-4023
https://notcve.org/view.php?id=CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. Vulnerabilidad de inyección de argumento en la implementación sendmail del método Mail::Send (Mail/sendmail.php) en el paquete Mail v1.1.14 para for PEAR, permite a atacantes remotos leer y escribir ficheros de su elección a través de un parámetro $from, es un vector distinto a CVE_2009-4111. • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://pear.php.net/bugs/bug.php?id=16200 http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412 http://secunia.com/advisories/37410 http://secunia.com/advisories/37458 http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134 http://www.debian.org/security/2009/dsa-1938 http://www.openwall.com/lists/oss-security/2009/11/23/8 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-4024
https://notcve.org/view.php?id=CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. La vulnerabilidad de inyección de argumentos en la función ping en el archivo Ping.php en el paquete Net_Ping anterior a versión 2.4.5 para PEAR, permite a los atacantes remotos ejecutar comandos de shell arbitrarios por medio del parámetro host. NOTA: esto también se ha notificado como un problema del metacarácter de shell. • http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory http://pear.php.net/advisory20091114-01.txt http://pear.php.net/package/Net_Ping/download/2.4.5 http://secunia.com/advisories/37451 http://secunia.com/advisories/37502 http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669 http://www.debian.org/security/2009/dsa-1949 http://www.securityfocus.com/bid/37093 http://www.vupen.com/english/ad • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-2519 – PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instación (install) en package.xml 2.0. • https://www.exploit-db.com/exploits/30074 http://osvdb.org/42108 http://pear.php.net/advisory-20070507.txt http://pear.php.net/news/vulnerability2.php http://secunia.com/advisories/25372 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://www.securityfocus.com/bid/24111 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 •