
CVE Reference: CVE-2007-2519

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2519

Description: Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

CVE Status: Candidate

References:

XF http://xforce.iss.net/xforce/xfdb/34482

UBUNTU http://www.ubuntu.com/usn/usn-462-1

SAID Secunia Advisory: SA25372

OSVDB 42108

MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:110

CONFIRM http://pear.php.net/news/vulnerability2.php

http://pear.php.net/advisory-20070507.txt

BID 24111