CVE-2011-1072

PEAR < 1.9.2 - Arbitrary File Overwrite via Symlink Attack on package.xml

Title source: llm

Description

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

References (19)

Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/5
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/7
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43533
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/8
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/12
Patch x_refsource_confirm
http://news.php.net/php.pear.cvs/61264
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2011-1072
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/5
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/4
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1741.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:187
Exploit x_refsource_confirm
http://pear.php.net/bugs/bug.php?id=18056
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/28/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
Vendor Advisory x_refsource_confirm
http://pear.php.net/advisory-20110228.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46605
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/01/9

Scores

EPSS 0.0008
EPSS Percentile 22.8%

Details

CWE CWE-59
Status published
Products (24)
php/pear 0.2.2
php/pear 0.9
php/pear 0.10
php/pear 0.11
php/pear 0.90
php/pear 1.0
php/pear 1.0.1
php/pear 1.1
php/pear 1.2
php/pear 1.2.1
... and 14 more
Published Mar 03, 2011
Tracked Since Feb 18, 2026