oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request: PEAR Installer 1.9

Re: [oss-security] CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack

From: Josh Bressers <bressers_at_nospam>
Date: Mon Feb 28 2011 - 21:01:58 GMT
To: oss-security@lists.openwall.com

Please use CVE-2011-1072

Thanks.

-- JB ----- Original Message ----- > The lack of symlink checks in the PEAR installer 1.9.1 <= while doing > installation and upgrades, which initiate various system write > operations, can cause privileged users unknowingly to overwrite > critical system files. > > Further information can be found in this temporary advisory > http://pear.php.net/advisory-20110228.txt and the > > Fixes can be found at http://news.php.net/php.pear.cvs/61264 > > - Helgi