PHP PEAR INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability

Bugtraq ID: 24111
Class: Input Validation Error
CVE: CVE-2007-2519
Remote: Yes
Local: No
Published: May 07 2007 12:00AM
Updated: Jun 05 2007 09:20AM
Credit: Gregory Beaver [cellog@php.net] discovered this issue.
Vulnerable: Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
PEAR PEAR 1.5.3
PEAR PEAR 1.4.3
PEAR PEAR 1.4.2
PEAR PEAR 1.4.1
PEAR PEAR 1.4
PEAR PEAR 1.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Not Vulnerable: PEAR PEAR 1.5.4


 

Privacy Statement
Copyright 2010, SecurityFocus