oss-security February 2011 archive

[oss-security] CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack

From: Helgi Þormar Þorbjörnsson <helgi_at_nospam>
Date: Mon Feb 28 2011 - 18:59:15 GMT
To: oss-security@lists.openwall.com

The lack of symlink checks in the PEAR installer 1.9.1 <= while doing
installation and upgrades, which initiate various system write
operations, can cause privileged users unknowingly to overwrite
critical system files.

Further information can be found in this temporary advisory
http://pear.php.net/advisory-20110228.txt and the

Fixes can be found at http://news.php.net/php.pear.cvs/61264

- Helgi
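
The class of check the message describes as missing, as an added PHP example. It is not part of the original post and is not the PEAR fix; the function names and the scratch paths are hypothetical. It refuses a destination that has a symlinked component below the install root, and writes through an exclusively created temporary file followed by rename().

```php
<?php
// Added example, not PEAR code. Function names and paths are hypothetical.
// Return the first symlinked path component of $dest below $root, or null.
function first_symlink(string $root, string $dest): ?string
{
    $root = rtrim($root, '/');
    if (strpos($dest, $root . '/') !== 0) {
        throw new InvalidArgumentException("$dest is outside $root");
    }
    $current = $root;
    foreach (explode('/', substr($dest, strlen($root) + 1)) as $part) {
        if ($part === '' || $part === '.') { continue; }
        if ($part === '..') { throw new InvalidArgumentException("'..' in $dest"); }
        $current .= '/' . $part;
        if (is_link($current)) { return $current; }
    }
    return null;
}

// Write $data to $dest without writing through a symlink.
function install_file(string $root, string $dest, string $data): void
{
    if (($link = first_symlink($root, $dest)) !== null) {
        throw new RuntimeException("refusing to write through symlink $link");
    }
    // Mode 'x' maps to O_CREAT|O_EXCL, so an existing name (symlink included) fails.
    $tmp = dirname($dest) . '/.inst-' . bin2hex(random_bytes(8));
    $fh = fopen($tmp, 'xb');
    if ($fh === false) { throw new RuntimeException("cannot create $tmp"); }
    $ok = fwrite($fh, $data) === strlen($data);
    fclose($fh);
    // rename() replaces the directory entry at $dest rather than following it.
    if (!$ok || !rename($tmp, $dest)) {
        @unlink($tmp);
        throw new RuntimeException("cannot install $dest");
    }
}

// Constructed demo in a scratch directory: a symlink sits at the destination.
$root = sys_get_temp_dir() . '/pear-demo-' . bin2hex(random_bytes(4));
mkdir("$root/docs", 0700, true);
file_put_contents("$root/important.conf", "original\n");
symlink("$root/important.conf", "$root/docs/README");
try {
    install_file($root, "$root/docs/README", "package readme\n");
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
echo file_get_contents("$root/important.conf");
```

The is_link() walk and the later write are separate steps, so this only holds when unprivileged users cannot modify the parent directories between the two; install roots writable by other users need directory-descriptor based opens, which PHP's stream functions do not expose.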