It was reported that the pear utility insecurely used the /tmp/ directory for cache data. A local attacker could use this flaw to perform a symbolic link attack against a user (typically the root user) running a pear command, causing an arbitrary file to be overwritten, possibly leading to a denial of service. Original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282
Created php-pear tracking bugs for this issue: Affects: fedora-all [bug 1133754]
CVE request: http://www.openwall.com/lists/oss-security/2014/08/26/3
# pear config-get cache_dir /var/cache/php-pear # ll -d /var/cache/php-pear drwxr-xr-x. 2 root root 147456 22 août 08:57 /var/cache/php-pear So /tmp is not used with default provided configuration. So, I think we are not affected by this debian specific issue.
(In reply to Remi Collet from comment #3) > # pear config-get cache_dir > /var/cache/php-pear > > # ll -d /var/cache/php-pear > drwxr-xr-x. 2 root root 147456 22 août 08:57 /var/cache/php-pear > > > So /tmp is not used with default provided configuration. > > So, I think we are not affected by this debian specific issue. Thanks Remi, sorry for not checking that. MITRE assigned CVE-2014-5459 to this issue: http://www.openwall.com/lists/oss-security/2014/08/27/3
Statement: This issue did not affect the versions of php-pear as shipped with Red Hat Enterprise Linux 5, 6 and 7 as well as Red Hat Software Collections as they do not use a world-writable directory for storing PEAR cache data.