CVE-2014-5459

Published: 27 September 2014

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

Priority

Negligible

Status

Package Release Status
php-pear
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This vulnerability is mitigated in part by the use of symlink and hardlink restrictions in Ubuntu.

php5
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Needed

This vulnerability is mitigated in part by the use of symlink and hardlink restrictions in Ubuntu.

Notes

Author    Note
jdstrand  Upstream states this is a known issue
sbeattie  upstream claims fixed in 1.9.2, but still uses /tmp/pear/ according to debian bug report
mdeslaur  1.9.2+ only a DoS
