Red Hat Bugzilla – Bug 241218
CVE-2007-2519 php-pear install root constraint bypass
Last modified: 2007-05-24 10:06:30 EDT
Description of problem:
The PEAR installer is available from http://pear.php.net/package/PEAR.
The PEAR installer is used to install PHP-based software packages
distributed from pear.php.net and PHP extensions from pecl.php.net.
Lack of validation of the install-as attribute in package.xml version
1.0 and of the <install> tag in package.xml version 2.0 allows
attackers to install files in any location and possibly overwrite
crucial system files if the PEAR Installer is running as a
Installation of a PEAR package from an untrusted source could allow malicious
code to be installed and potentially executed by the root user. This is true
regardless of the existence of this particular bug in the PEAR installer, so the
bug would not be treated as security-sensitive. As when handling system RPM
packages, the root user must always ensure that any packages installed are from
a trusted source and have been packaged correctly.
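The description above names the two places where an install target can escape the install root: the install-as attribute of a package.xml 1.0 file element and the as attribute of a package.xml 2.0 install element. The following script, added here as an illustration and not code from PEAR or from Red Hat, is the pre-installation audit a root user could run on an untrusted package before handing it to the installer: it parses both package.xml formats and flags every target that is absolute, carries a drive letter, or still begins with ".." after normalisation. The two package.xml documents are constructed samples, not real packages, and checking the name attribute as well as install-as / as goes slightly beyond what the description lists (an assumption that a traversal in name is equally unwanted).

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample package.xml documents (not real PEAR packages). The first
# uses the package.xml 1.0 <file install-as="..."> attribute, the second the
# package.xml 2.0 <install name="..." as="..."/> tag; each mixes benign entries
# with targets that would land outside the install root.
PACKAGE_XML_V1 = """<?xml version="1.0"?>
<package version="1.0">
  <name>Example_Pkg</name>
  <filelist>
    <dir name="/">
      <file role="php" name="Example.php"/>
      <file role="php" name="Sub/Helper.php" install-as="Example/Helper.php"/>
      <file role="php" name="evil.php" install-as="../../../../etc/cron.d/pear"/>
      <file role="php" name="evil2.php" install-as="/etc/ld.so.preload"/>
    </dir>
  </filelist>
</package>
"""

PACKAGE_XML_V2 = """<?xml version="1.0"?>
<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
  <name>Example_Pkg</name>
  <phprelease>
    <filelist>
      <install name="good.php" as="Example/good.php"/>
      <install name="bad.php" as="Example/../../../../root/.bashrc"/>
    </filelist>
  </phprelease>
</package>
"""


def escapes_root(target: str) -> bool:
    """True if an install target would resolve outside the install root.

    Rejects absolute POSIX paths, Windows drive-letter paths (backslashes are
    normalised to '/'), and any path that still starts with '..' after
    normalisation, so 'Example/../../x' (-> '../x') is caught while
    'a/../b.php' (-> 'b.php') is allowed.
    """
    p = target.replace("\\", "/")
    if posixpath.isabs(p) or (len(p) >= 2 and p[0].isalpha() and p[1] == ":"):
        return True
    norm = posixpath.normpath(p)
    return norm == ".." or norm.startswith("../")


def audit_package_xml(xml_text: str):
    """Return [(element, name, attribute, value)] for every install target in a
    package.xml 1.0 or 2.0 document that escapes the install root."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the package-2.0 namespace
        if tag == "file":  # package.xml 1.0: <file name="..." install-as="..."/>
            checks = [("name", el.get("name")), ("install-as", el.get("install-as"))]
        elif tag == "install":  # package.xml 2.0: <install name="..." as="..."/>
            checks = [("name", el.get("name")), ("as", el.get("as"))]
        else:
            continue
        for attr, value in checks:
            if value is not None and escapes_root(value):
                findings.append((tag, el.get("name"), attr, value))
    return findings


if __name__ == "__main__":
    for label, doc in (("package.xml 1.0", PACKAGE_XML_V1), ("package.xml 2.0", PACKAGE_XML_V2)):
        for tag, name, attr, value in audit_package_xml(doc):
            print(f"{label}: <{tag} name={name!r}> {attr}={value!r} escapes the install root")
```

The check is deliberately string-based and run before anything touches the filesystem; a package that produces any finding should not be installed at all, and certainly not by root.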