CVE Vulnerabilities

CVE-2007-2519

Published: May 22, 2007 | Modified: Jul 29, 2017
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x: 6.8 MEDIUM, vector AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Affected Software

Name Vendor Start Version End Version
Pear Php_group 1.4.0a4 1.4.0a4
Pear Php_group 1.3b5 1.3b5
Pear Php_group 1.2b2 1.2b2
Pear Php_group 1.4.0a10 1.4.0a10
Pear Php_group 1.4.3 1.4.3
Pear Php_group 1.3b6 1.3b6
Pear Php_group 1.3b3 1.3b3
Pear Php_group 1.4.0a6 1.4.0a6
Pear Php_group 1.4.0rc2 1.4.0rc2
Pear Php_group 1.3.3 1.3.3
Pear Php_group 1.5.0a1 1.5.0a1
Pear Php_group 1.4.11 1.4.11
Pear Php_group 1.5.2 1.5.2
Pear Php_group 1.4.0a5 1.4.0a5
Pear Php_group 1.2b4 1.2b4
Pear Php_group 1.4.0a12 1.4.0a12
Pear Php_group 1.4.0a2 1.4.0a2
Pear Php_group 1.5.3 1.5.3
Pear Php_group 1.3.4 1.3.4
Pear Php_group 1.4.0b1 1.4.0b1
Pear Php_group 1.3.5 1.3.5
Pear Php_group 1.5.1 1.5.1
Pear Php_group 1.4.8 1.4.8
Pear Php_group 1.3b2 1.3b2
Pear Php_group 1.2b3 1.2b3
Pear Php_group 1.0 1.0
Pear Php_group 1.3.6 1.3.6
Pear Php_group 1.3.1 1.3.1
Pear Php_group 1.4.1 1.4.1
Pear Php_group 1.4.0a8 1.4.0a8
Pear Php_group 1.4.0a3 1.4.0a3
Pear Php_group 1.4.0rc1 1.4.0rc1
Pear Php_group 1.3.3.1 1.3.3.1
Pear Php_group 1.5.0rc2 1.5.0rc2
Pear Php_group 1.4.5 1.4.5
Pear Php_group 1.2b1 1.2b1
Pear Php_group 1.2 1.2
Pear Php_group 1.3 1.3
Pear Php_group 1.4.2 1.4.2
Pear Php_group 1.5.0rc3 1.5.0rc3
Pear Php_group 1.4.0a9 1.4.0a9
Pear Php_group 1.5.0 1.5.0
Pear Php_group 1.2b5 1.2b5
Pear Php_group 1.4.0b2 1.4.0b2
Pear Php_group 1.4.0a11 1.4.0a11
Pear Php_group 1.4.10rc1 1.4.10rc1
Pear Php_group 1.4.0a1 1.4.0a1
Pear Php_group 1.4.7 1.4.7
Pear Php_group 1.4.0a7 1.4.0a7
Pear Php_group 1.2.1 1.2.1
Pear Php_group 1.4.0 1.4.0
Pear Php_group 1.0.1 1.0.1
Pear Php_group 1.4.10 1.4.10
Pear Php_group 1.5.0rc1 1.5.0rc1
Pear Php_group 1.4.4 1.4.4
Pear Php_group 1.1 1.1
Pear Php_group 1.3b1 1.3b1
Pear Php_group 1.4.6 1.4.6
Pear Php_group 1.4.9 1.4.9
