Re: [oss-security] CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack

From: Josh Bressers <bressers_at_nospam>
Date: Mon Feb 28 2011 - 21:01:58 GMT
To: oss-security@lists.openwall.com

Please use CVE-2011-1072

Thanks.

-- JB ----- Original Message ----- > The lack of symlink checks in the PEAR installer 1.9.1 <= while doing > installation and upgrades, which initiate various system write > operations, can cause privileged users unknowingly to overwrite > critical system files. > > Further information can be found in this temporary advisory > http://pear.php.net/advisory-20110228.txt and the > > Fixes can be found at http://news.php.net/php.pear.cvs/61264 > > - Helgi

This message: [ Message body ]
Next message: Kees Cook: "Re: [oss-security] CVE request: kernel: OOM-killer via argv expansion"
Previous message: Josh Bressers: "Re: [oss-security] cve request: eglibc memory corruption"
In reply to: Helgi Þormar Þorbjörnsson: "[oss-security] CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]