Bug 241218 (CVE-2007-2519)

Summary: CVE-2007-2519 php-pear install root constraint bypass
Product: [Other] Security Response
Reporter: Joe Orton <jorton>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-05-24 14:02:31 UTC

Description Joe Orton 2007-05-24 13:47:18 UTC
Description of problem:
http://pear.php.net/advisory-20070507.txt

"The PEAR installer is available from http://pear.php.net/package/PEAR.
The PEAR installer is used to install PHP-based software packages
distributed from pear.php.net and PHP extensions from pecl.php.net.

Lack of validation of the install-as attribute in package.xml version
1.0 and of the <install> tag in package.xml version 2.0 allows
attackers to install files in any location and possibly overwrite
crucial system files if the PEAR Installer is running as a
privileged user."
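
The containment check the advisory says was missing, as an added example (not PEAR's own code, and in Python rather than the installer's PHP): each file's install-as target is normalised and required to stay under the install root, otherwise the file is rejected. The package.xml below is constructed for the example and the install root /usr/share/pear is an assumption.

```python
"""Check that every install target in a PEAR package.xml stays inside the install root."""
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample in the package.xml 1.0 layout; the file names and targets are illustrative only.
SAMPLE_PACKAGE_XML = """<?xml version="1.0"?>
<package version="1.0">
  <name>Example_Pkg</name>
  <release><filelist>
    <file role="php" name="Example.php"/>
    <file role="php" name="lib/Helper.php" install-as="Example/Helper.php"/>
    <file role="php" name="evil.php" install-as="../../../../etc/cron.d/evil"/>
    <file role="php" name="abs.php" install-as="/etc/passwd"/>
  </filelist></release>
</package>
"""


def resolve_target(install_root, name, install_as=None):
    """Return the normalised install path, or None if it would escape install_root."""
    rel = install_as if install_as else name
    if posixpath.isabs(rel):          # absolute targets are never acceptable
        return None
    # Collapse "." and ".." segments first, then test containment on the result.
    target = posixpath.normpath(posixpath.join(install_root, rel))
    root = posixpath.normpath(install_root)
    if target != root and not target.startswith(root + "/"):
        return None
    return target


def check_package(xml_text, install_root):
    """Return (accepted, rejected) lists of (name, install-as) pairs from the filelist."""
    accepted, rejected = [], []
    for f in ET.fromstring(xml_text).iter("file"):
        name, install_as = f.get("name"), f.get("install-as")
        if resolve_target(install_root, name, install_as) is None:
            rejected.append((name, install_as))
        else:
            accepted.append((name, install_as))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_package(SAMPLE_PACKAGE_XML, "/usr/share/pear")
    print("accepted:", ok)
    print("rejected:", bad)
```

Note that the check is done on the normalised path, not on the raw string, so "Example/../x.php" is accepted while "../../../../etc/cron.d/evil" is not.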

Comment 1 Joe Orton 2007-05-24 14:02:31 UTC
Installation of a PEAR package from an untrusted source could allow malicious
code to be installed and potentially executed by the root user.  This is true
regardless of the existence of this particular bug in the PEAR installer, so the
bug would not be treated as security-sensitive.  As when handling system RPM
packages, the root user must always ensure that any packages installed are from
a trusted source and have been packaged correctly.