Bug 241218 - (CVE-2007-2519) php-pear install root constraint bypass
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Reported: 2007-05-24 09:47 EDT by Joe Orton
Modified: 2007-05-24 10:06 EDT
Doc Type: Bug Fix
Last Closed: 2007-05-24 10:02:31 EDT

Description Joe Orton 2007-05-24 09:47:18 EDT
Description of problem:

The PEAR installer is available from http://pear.php.net/package/PEAR.
The PEAR installer is used to install PHP-based software packages
distributed from pear.php.net and PHP extensions from pecl.php.net.

Lack of validation of the install-as attribute in package.xml version
1.0 and of the <install> tag in package.xml version 2.0 allows
attackers to install files in any location and possibly overwrite
crucial system files if the PEAR Installer is running as a
privileged user.
Comment 1 Joe Orton 2007-05-24 10:02:31 EDT
Installation of a PEAR package from an untrusted source could allow malicious
code to be installed and potentially executed by the root user.  This is true
regardless of the existence of this particular bug in the PEAR installer, so the
bug would not be treated as security-sensitive.  As when handling system RPM
packages, the root user must always ensure that any packages installed are from
a trusted source and have been packaged correctly.
