National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-2519 Detail

Description

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Source:  MITRE      Last Modified:  05/22/2007

Quick Info

CVE Dictionary Entry:
CVE-2007-2519
Original release date:
05/22/2007
Last revised:
07/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.8 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (05/24/2007)

Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://pear.php.net/advisory-20070507.txt Exploit; Patch; Vendor Advisory External Source CONFIRM http://pear.php.net/advisory-20070507.txt
http://pear.php.net/news/vulnerability2.php External Source CONFIRM http://pear.php.net/news/vulnerability2.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 External Source MANDRIVA MDKSA-2007:110
http://www.securityfocus.com/bid/24111 External Source BID 24111
http://www.ubuntu.com/usn/usn-462-1 External Source UBUNTU USN-462-1
http://www.vupen.com/english/advisories/2007/1926 External Source VUPEN ADV-2007-1926
https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 External Source XF pear-installer-file-overwrite(34482)

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 3 change records found - show changes