CVE-2011-1072
published 2011-03-03CVE-2011-1072: The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1)…
PriorityP411low3.3CVSS 2.0
AVLACMAuNCNIPAP
EPSS
0.49%
38.5th percentile
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | pear | <= 1.9.2 | — |
| php | pear | <= 1.9.1 | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
| php | pear | — | — |
CVSS provenance
nvdv2.03.3LOWAV:L/AC:M/Au:N/C:N/I:P/A:P
vendor_redhat6.8MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m3xj-59h7-ggx6: The installer in PEAR 1
ghsa_unreviewed·2022-05-13·CVSS 3.3
CVE-2011-1144 [LOW] CWE-59 GHSA-m3xj-59h7-ggx6: The installer in PEAR 1
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
GHSA
GHSA-pm7p-73v9-hmx9: The installer in PEAR before 1
ghsa_unreviewed·2022-05-13·CVSS 6.8
CVE-2011-1072 [MEDIUM] CWE-59 GHSA-pm7p-73v9-hmx9: The installer in PEAR before 1
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Ubuntu
PHP Regressions
vendor_ubuntu·2011-05-05·CVSS 5.0
CVE-2010-4697 [MEDIUM] PHP Regressions
Title: PHP Regressions
Summary: USN 1126-1 introduced two regressions in PHP.
USN 1126-1 fixed several vulnerabilities in PHP. The fix for
CVE-2010-4697 introduced an incorrect reference counting regression
in the Zend engine that caused the PHP interpreter to segfault. This
regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.
The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression
in the PEAR installer that prevented it from creating its cache
directory and reporting errors correctly.
We apologize for the inconvenience.
Original advisory details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan R
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2011-04-29·CVSS 5.0
CVE-2011-0421 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Multiple vulnerabilities in PHP.
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella disco
Red Hat
php-pear: symlink vulnerability in PEAR installer
vendor_redhat·2010-11-14·CVSS 6.8
CVE-2011-1072 [MEDIUM] php-pear: symlink vulnerability in PEAR installer
php-pear: symlink vulnerability in PEAR installer
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
Package: php-pear (Red Hat Enterprise Linux 5) - Not affected
Red Hat
php-pear: symlink vulnerability in PEAR installer
vendor_redhat·2010-11-14·CVSS 3.3
CVE-2011-1144 [LOW] php-pear: symlink vulnerability in PEAR installer
php-pear: symlink vulnerability in PEAR installer
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.
Package: php-pear (Red Hat Enterprise Linux 5) - Not affected
Package: php-pear (Red Hat Enterprise Linux 6) - Affected
No detection rules found.
Bugzilla
CVE-2011-1072 php-pear: symlink vulnerability in PEAR installer [fedora-all]
bugzilla·2011-03-03·CVSS 3.3
CVE-2011-1072 [LOW] CVE-2011-1072 php-pear: symlink vulnerability in PEAR installer [fedora-all]
CVE-2011-1072 php-pear: symlink vulnerability in PEAR installer [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=681982
Please note: this issue affects multip
Bugzilla
CVE-2011-1072 CVE-2011-1144 php-pear: symlink vulnerability in PEAR installer
bugzilla·2011-03-03·CVSS 6.8
CVE-2011-1072 [MEDIUM] CVE-2011-1072 CVE-2011-1144 php-pear: symlink vulnerability in PEAR installer
CVE-2011-1072 CVE-2011-1144 php-pear: symlink vulnerability in PEAR installer
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1072 to
the following vulnerability:
Name: CVE-2011-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1072
Assigned: 20110224
Reference: http://openwall.com/lists/oss-security/2011/02/28/3
Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164
Reference: http://news.php.net/php.pear.cvs/61264
Reference: http://pear.php.net/advisory-20110228.txt
Reference: http://pear.php.net/bugs/bug.php?id=18056
Reference: http://security-tracker.debian.org/tracker/CVE-2011-1072
Reference: http://svn.php.net/viewvc?view=revision&revision=308687
Reference: http://www.securityfocus.com/bid/46605
Reference: http://secunia.com/advisorie
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164http://news.php.net/php.pear.cvs/61264http://openwall.com/lists/oss-security/2011/02/28/12http://openwall.com/lists/oss-security/2011/02/28/3http://openwall.com/lists/oss-security/2011/02/28/5http://openwall.com/lists/oss-security/2011/03/01/4http://openwall.com/lists/oss-security/2011/03/01/5http://openwall.com/lists/oss-security/2011/03/01/7http://openwall.com/lists/oss-security/2011/03/01/8http://openwall.com/lists/oss-security/2011/03/01/9http://pear.php.net/advisory-20110228.txthttp://pear.php.net/bugs/bug.php?id=18056http://secunia.com/advisories/43533http://security-tracker.debian.org/tracker/CVE-2011-1072http://svn.php.net/viewvc?view=revision&revision=308687http://www.mandriva.com/security/advisories?name=MDVSA-2011:187http://www.redhat.com/support/errata/RHSA-2011-1741.htmlhttp://www.securityfocus.com/bid/46605https://exchange.xforce.ibmcloud.com/vulnerabilities/65721http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164http://news.php.net/php.pear.cvs/61264http://openwall.com/lists/oss-security/2011/02/28/12http://openwall.com/lists/oss-security/2011/02/28/3http://openwall.com/lists/oss-security/2011/02/28/5http://openwall.com/lists/oss-security/2011/03/01/4http://openwall.com/lists/oss-security/2011/03/01/5http://openwall.com/lists/oss-security/2011/03/01/7http://openwall.com/lists/oss-security/2011/03/01/8http://openwall.com/lists/oss-security/2011/03/01/9http://pear.php.net/advisory-20110228.txthttp://pear.php.net/bugs/bug.php?id=18056http://secunia.com/advisories/43533http://security-tracker.debian.org/tracker/CVE-2011-1072http://svn.php.net/viewvc?view=revision&revision=308687http://www.mandriva.com/security/advisories?name=MDVSA-2011:187http://www.redhat.com/support/errata/RHSA-2011-1741.htmlhttp://www.securityfocus.com/bid/46605https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
2011-03-03
Published