ID CVE-2007-2519
Summary Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
References
Vulnerable Configurations
  • cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 24111
confirm
mandriva MDKSA-2007:110
osvdb 42108
secunia 25372
ubuntu USN-462-1
vupen ADV-2007-1926
xf pear-installer-file-overwrite(34482)
statements via4
contributor Mark J Cox
lastmodified 2007-05-24
organization Red Hat
statement Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.
Last major update 29-07-2017 - 01:31
Published 22-05-2007 - 19:30
Last modified 29-07-2017 - 01:31