Symlink Vulnerability in PEAR Installer by PEAR
CVE-2011-1144

Currently unrated

Key Information:

Vendor

PHP
Status
Pear
Vendor
CVE Published:
3 March 2011

What is CVE-2011-1144?

The PEAR Installer versions 1.9.2 and earlier are susceptible to a symlink vulnerability that enables local users to overwrite arbitrary files through a maliciously crafted package.xml file. This flaw arises from inadequate protections associated with critical directories such as download_dir, cache_dir, tmp_dir, and pear-build-download. Users must be aware of this vulnerability as it could lead to unauthorized access and potential system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://openwall.com/lists/oss-security/2011/02/28/5
mailing-listx_refsource_MLIST
http://openwall.com/lists/oss-security/2011/03/01/7
mailing-listx_refsource_MLIST
http://pear.php.net/bugs/bug.php?id=18056
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.