2017-10-16 12:31:07 -04:00
{
2019-03-18 03:32:22 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com" ,
"ID" : "CVE-2011-1072" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
2017-10-16 12:31:07 -04:00
]
2019-03-18 03:32:22 +00:00
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/02/28/5"
} ,
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/03/01/7"
} ,
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164" ,
"refsource" : "CONFIRM" ,
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164"
} ,
{
"name" : "43533" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/43533"
} ,
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/03/01/8"
} ,
{
"name" : "[oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/02/28/12"
} ,
{
"name" : "http://news.php.net/php.pear.cvs/61264" ,
"refsource" : "CONFIRM" ,
"url" : "http://news.php.net/php.pear.cvs/61264"
} ,
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2011-1072" ,
"refsource" : "CONFIRM" ,
"url" : "http://security-tracker.debian.org/tracker/CVE-2011-1072"
} ,
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/03/01/5"
} ,
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/03/01/4"
} ,
{
"name" : "RHSA-2011:1741" ,
"refsource" : "REDHAT" ,
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1741.html"
} ,
{
"name" : "MDVSA-2011:187" ,
"refsource" : "MANDRIVA" ,
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:187"
} ,
{
"name" : "http://pear.php.net/bugs/bug.php?id=18056" ,
"refsource" : "CONFIRM" ,
"url" : "http://pear.php.net/bugs/bug.php?id=18056"
} ,
{
"name" : "[oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/02/28/3"
} ,
{
"name" : "pear-pear-installer-symlink(65721)" ,
"refsource" : "XF" ,
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65721"
} ,
{
"name" : "http://svn.php.net/viewvc?view=revision&revision=308687" ,
"refsource" : "CONFIRM" ,
"url" : "http://svn.php.net/viewvc?view=revision&revision=308687"
} ,
{
"name" : "http://pear.php.net/advisory-20110228.txt" ,
"refsource" : "CONFIRM" ,
"url" : "http://pear.php.net/advisory-20110228.txt"
} ,
{
"name" : "46605" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/46605"
} ,
{
"name" : "[oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack" ,
"refsource" : "MLIST" ,
"url" : "http://openwall.com/lists/oss-security/2011/03/01/9"
}
]
}
}
