CVE-2011-1144

Published: 02 March 2011

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

Priority

Low

Status

Package: php5 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Needs triage

Patches:
Upstream: http://svn.php.net/viewvc?view=revision&revision=309042

Notes

Author: kees
Note: php5 5.3.5 still contains a vulnerable version:
$ grep version /usr/share/php/PEAR.php | tail -n1
* @version    Release: 1.9.1
