OSVDB ID: 75083

Title: PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overwrite

Dates

Disclosure: Oct 03, 2009
Discovery: Unknown
Exploit: Unknown
Solution: Feb 28, 2011

Description

The PEAR Installer contains a flaw related to the package.xml file in which temporary files are created insecurely. A local attacker can use a symlink attack against the download_dir, cache_dir, tmp_dir, and pear-build-download directories to cause the program to unexpectedly overwrite an arbitrary file.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

It has been reported that this issue has been fixed. Upgrade to version 1.9.2, or higher, to address this vulnerability.

Products

The PHP Group PEAR Installer 1.9.1

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/75083