nvd-json-data-feeds/CVE-2007/CVE-2007-25xx/CVE-2007-2519.json

{
  "id": "CVE-2007-2519",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-05-22T19:30:00.000",
  "lastModified": "2024-11-21T00:30:58.697",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0.  NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervenci\u00f3n del usuario sobrescribir archivos de su elecci\u00f3n mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instaci\u00f3n (install) en package.xml 2.0. NOTA: podr\u00eda argumentarse que esto no cruza los l\u00edmites de privilegios en instalaciones t\u00edpicas, puesto que el c\u00f3digo que est\u00e1 siendo instalado podr\u00eda realizar las mismas acciones."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "baseScore": 6.8,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": true,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD16518B-EA90-4989-B59A-9E7C9DF3B877"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0419A76C-2783-41E6-8B9D-984099F42454"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ED21D8-425B-4A96-A323-EA19D902571A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60B41712-9EB6-45F9-B5A3-F01113BE8006"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C050D0-D118-4538-B334-BA23ADC21569"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ECCACD0-E734-491A-965F-0DF48B4BA253"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB4E3E0-6414-46F9-BBEB-DE93FBFA550D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28735572-3799-47ED-B8D7-2D7A6562CC8D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "666E73A5-B149-468B-A2C7-DF1705477297"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCFA477B-5396-4625-828D-FCBBCA8493FF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C105BB-1F21-44B6-AE8C-7C33E75CF648"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "375954D3-275B-4120-B833-2A83091013C6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC5456B-C8D4-41EF-9944-1ACE6D04FB16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64AE9C03-E7E5-4155-815A-70C160E97F56"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3A56EB4-5F2A-4FF9-890A-CA316DE637A5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EB4E0C4-D8F6-4C6D-9574-09DBE3C2D68D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "497E6138-C746-44D9-BE46-5713A3AAFD41"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C38F7A3-640C-4383-8707-7D8155CBABAA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B260EFD-C61A-4DFE-B666-8BE84239A692"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6161A6-E29C-49AF-A4F5-87934C4EEE84"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1724F9-8A5B-4126-BABC-22E8603C571A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F7D4EDD-5417-42CE-8E30-59499A34BFCB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD19B334-3D0C-4008-A5B5-53FE375B4979"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9BDB709-3887-454D-B874-AFD5FD620731"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B228EA68-3CEE-4880-B060-B333F68794F0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C10AF9-19B7-4C9F-A489-8C8505D87D49"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87475278-5B8B-4BE2-9167-46734A435B49"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207BBE32-3570-4A02-A743-A3A45C2A28DD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D06662-08E6-46D8-A05B-9118D795F203"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6D259D-7AC3-4F4A-A855-64FD8FF7E818"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4B6FDA-0165-4268-95BA-915918099733"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B506B9CE-CE74-410D-BEFE-75BDF738872A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D96FCB3D-AC46-43D7-A2E7-CB6BFED37167"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D65E8898-C249-401A-97D4-B4431EC04B00"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1299C8A2-FB8D-446E-83AC-C78091D14ACF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFDED6F-D871-4F81-9ADE-D1B6E5A82E61"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF54A7BC-D8EC-4ABC-9552-25BB4D592A93"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "516F5E30-AB29-4AEA-B069-8FEBAF288F46"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBDD00D-0D9C-487B-90A0-D61BAB782C88"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "730B3D7E-43AD-4EA6-A3E7-C0424BA61A64"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFECD3A-4669-4D0C-BC51-AA2B635CB3B4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF4DAD-7129-493B-B7EA-ADA33F734DB6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "13766879-04DA-42A2-B147-31D69430FE19"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9ADB86D-0655-4289-8644-4DBF76162CA3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5C847B-FD77-4CB3-BD64-0BDA3EC17A5D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE65B11-B3F2-4CB1-994B-979EA3885B21"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCE5B14-6A83-44EA-971E-0CEDBBE6203B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9A0E25-9DCB-4ABB-8039-D9261A95CA5F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "84069051-338F-4174-9AEB-C41112B2FFF1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3401D8C6-5C42-4F59-AA40-7C5D83551E08"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E52E2FA-3A8E-40EF-B57E-ADE9AA9810F7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CEB135-9EFD-490E-BEBA-F3FA75098463"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F60E95-5D51-4D06-B4D4-777E78F89D9D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB25D31-BD14-4BAB-8D5C-D297F2C61600"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AEF216F-0ED7-4999-A3A3-285440374773"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FF8942-4C67-4674-8DE4-F4948C8FD61D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F711A9-EFD7-46A2-B826-19183FBB3FFD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B3F0C6-386E-44B7-85A8-54CE26874384"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDED4C0-5733-4322-844D-A2085AFD6CA6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/42108",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://pear.php.net/advisory-20070507.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://pear.php.net/news/vulnerability2.php",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/25372",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:110",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/24111",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.ubuntu.com/usn/usn-462-1",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1926",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34482",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://osvdb.org/42108",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://pear.php.net/advisory-20070507.txt",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://pear.php.net/news/vulnerability2.php",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://secunia.com/advisories/25372",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:110",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/24111",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.ubuntu.com/usn/usn-462-1",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1926",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34482",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ],
  "vendorComments": [
    {
      "organization": "Red Hat",
      "comment": "Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user.  This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive.  As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.",
      "lastModified": "2007-05-24T00:00:00"
    }
  ]
}