Bug 241218 (CVE-2007-2519) - CVE-2007-2519 php-pear install root constraint bypass
Summary: CVE-2007-2519 php-pear install root constraint bypass
Alias: CVE-2007-2519
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Reported: 2007-05-24 13:47 UTC by Joe Orton
Modified: 2007-05-24 14:06 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-05-24 14:02:31 UTC

Description Joe Orton 2007-05-24 13:47:18 UTC
Description of problem:

The PEAR installer is available from http://pear.php.net/package/PEAR.
The PEAR installer is used to install PHP-based software packages
distributed from pear.php.net and PHP extensions from pecl.php.net.

Lack of validation of the install-as attribute in package.xml version
1.0 and of the <install> tag in package.xml version 2.0 allows
attackers to install files in any location and possibly overwrite
crucial system files if the PEAR Installer is running as a
privileged user.
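
A pre-install audit for the missing validation described above, as an added example that is not part of the original bug report or of PEAR's own code. It assumes install targets are resolved relative to a single install root; the function names, the `/usr/share/pear` default and both sample manifests are constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

def escapes_root(rel_path, install_root="/usr/share/pear"):
    """True if rel_path, resolved under install_root, lands outside it."""
    root = posixpath.normpath(install_root)
    # An absolute rel_path replaces root in join(); ".." is collapsed by normpath().
    target = posixpath.normpath(posixpath.join(root, rel_path.replace("\\", "/")))
    return target != root and not target.startswith(root.rstrip("/") + "/")

def audit_package_xml(xml_text, install_root="/usr/share/pear"):
    """Return (tag, attribute, value) for each install target leaving install_root."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the namespace that 2.0 files carry
        if tag == "file" and "install-as" in elem.attrib:      # package.xml 1.0
            attr = "install-as"
        elif tag == "install" and "as" in elem.attrib:         # package.xml 2.0
            attr = "as"
        else:
            continue
        if escapes_root(elem.attrib[attr], install_root):
            findings.append((tag, attr, elem.attrib[attr]))
    return findings

# Constructed sample manifests (not taken from any real package).
SAMPLE_V1 = """<package version="1.0">
  <name>Example</name>
  <release><filelist>
    <file role="php" name="Example.php"/>
    <file role="php" name="extra.php" install-as="../../../tmp/outside.php"/>
  </filelist></release>
</package>"""

SAMPLE_V2 = """<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
  <contents><dir name="/"><file name="Example.php" role="php"/></dir></contents>
  <phprelease><filelist>
    <install name="Example.php" as="/opt/outside/Example.php"/>
    <install name="Example.php" as="Example/Main.php"/>
  </filelist></phprelease>
</package>"""

if __name__ == "__main__":
    for label, doc in (("1.0", SAMPLE_V1), ("2.0", SAMPLE_V2)):
        for finding in audit_package_xml(doc):
            print(f"package.xml {label}: {finding}")
```

A clean result only means the manifest's install targets stay under the root; it says nothing about whether the packaged code itself is trustworthy.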

Comment 1 Joe Orton 2007-05-24 14:02:31 UTC
Installation of a PEAR package from an untrusted source could allow malicious
code to be installed and potentially executed by the root user.  This is true
regardless of the existence of this particular bug in the PEAR installer, so the
bug would not be treated as security-sensitive.  As when handling system RPM
packages, the root user must always ensure that any packages installed are from
a trusted source and have been packaged correctly.
