Mandrake Local Security Checks : Mandriva Update for php-pear MDVSA-2011:187 (php-pear)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831508
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for php-pear MDVSA-2011:187 (php-pear)
Resumen:	The remote host is missing an update for the 'php-pear'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php-pear' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been discovered and corrected in php-pear: The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519 (CVE-2011-1072). This advisory provides PEAR 1.9.4 which is not vulnerable to this issue. Additionally for Mandriva Enterprise Server 5 many new or updated PEAR packages is being provided with the latest versions of respective packages as well as mitigating various dependency issues. Affected Software/OS: php-pear on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2519 BugTraq ID: 24111 http://www.securityfocus.com/bid/24111 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://osvdb.org/42108 http://secunia.com/advisories/25372 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 XForce ISS Database: pear-installer-file-overwrite(34482) https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 Common Vulnerability Exposure (CVE) ID: CVE-2011-1072 43533 http://secunia.com/advisories/43533 46605 http://www.securityfocus.com/bid/46605 MDVSA-2011:187 http://www.mandriva.com/security/advisories?name=MDVSA-2011:187 RHSA-2011:1741 http://www.redhat.com/support/errata/RHSA-2011-1741.html [oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/02/28/3 [oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/02/28/12 http://openwall.com/lists/oss-security/2011/02/28/5 [oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack http://openwall.com/lists/oss-security/2011/03/01/4 http://openwall.com/lists/oss-security/2011/03/01/5 http://openwall.com/lists/oss-security/2011/03/01/7 http://openwall.com/lists/oss-security/2011/03/01/8 http://openwall.com/lists/oss-security/2011/03/01/9 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164 http://news.php.net/php.pear.cvs/61264 http://pear.php.net/advisory-20110228.txt http://pear.php.net/bugs/bug.php?id=18056 http://security-tracker.debian.org/tracker/CVE-2011-1072 http://svn.php.net/viewvc?view=revision&revision=308687 pear-pear-installer-symlink(65721) https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
Copyright	Copyright (C) 2011 Greenbone AG