Mandriva- Advisories MDKSA-2007:110: Updated php-pear packages fix directory traversal vulnerability

Mandriva · #1 06-04-2007, 11:08 PM

Advisories MDKSA-2007:110: Updated php-pear packages fix directory traversal vulnerability
A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem.

The vulnerability only affects users who are installing an
intentionally created package with a malicious intent. Because the
package is easily traced to its source, this is most likely to happen
if a hacker were to compromise a PEAR channel server and alter a
package to install a backdoor. In other words, it must be combined
with other exploits to be a problem.

Updated packages have been patched to prevent this issue.
http://mandrivausers.org/index.php?showtopic=41935
Array
Mon, 04 Jun 2007 22:58:32 +0000

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)