CVE-2007-2519
Published May 22, 2007
Last updated 7 years ago
Overview
- Description: Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.8
- Impact score: 6.4
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
Vendor comments
- Red Hat: Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.