Test ID:	1.3.6.1.4.1.25623.1.0.58389
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:110 (php-pear)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to php-pear announced via advisory MDKSA-2007:110. A security hole was discovered in all versions of the PEAR Installer (http://pear.php.net/PEAR). The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent. Because the package is easily traced to its source, this is most likely to happen if a hacker were to compromise a PEAR channel server and alter a package to install a backdoor. In other words, it must be combined with other exploits to be a problem. Updated packages have been patched to prevent this issue. Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:110 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2519 BugTraq ID: 24111 http://www.securityfocus.com/bid/24111 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://osvdb.org/42108 http://secunia.com/advisories/25372 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 XForce ISS Database: pear-installer-file-overwrite(34482) https://exchange.xforce.ibmcloud.com/vulnerabilities/34482
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.