CVE-2007-2519

Published May 22, 2007

Last updated 8 years ago

CVSS info 6.8

Overview

Description: Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Vendor comments

Red HatInstallation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD16518B-EA90-4989-B59A-9E7C9DF3B877"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0419A76C-2783-41E6-8B9D-984099F42454"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49ED21D8-425B-4A96-A323-EA19D902571A"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60B41712-9EB6-45F9-B5A3-F01113BE8006"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2C050D0-D118-4538-B334-BA23ADC21569"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ECCACD0-E734-491A-965F-0DF48B4BA253"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EB4E3E0-6414-46F9-BBEB-DE93FBFA550D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28735572-3799-47ED-B8D7-2D7A6562CC8D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "666E73A5-B149-468B-A2C7-DF1705477297"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCFA477B-5396-4625-828D-FCBBCA8493FF"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C105BB-1F21-44B6-AE8C-7C33E75CF648"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "375954D3-275B-4120-B833-2A83091013C6"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBC5456B-C8D4-41EF-9944-1ACE6D04FB16"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64AE9C03-E7E5-4155-815A-70C160E97F56"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3A56EB4-5F2A-4FF9-890A-CA316DE637A5"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EB4E0C4-D8F6-4C6D-9574-09DBE3C2D68D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "497E6138-C746-44D9-BE46-5713A3AAFD41"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C38F7A3-640C-4383-8707-7D8155CBABAA"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B260EFD-C61A-4DFE-B666-8BE84239A692"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA6161A6-E29C-49AF-A4F5-87934C4EEE84"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1724F9-8A5B-4126-BABC-22E8603C571A"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F7D4EDD-5417-42CE-8E30-59499A34BFCB"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD19B334-3D0C-4008-A5B5-53FE375B4979"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9BDB709-3887-454D-B874-AFD5FD620731"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B228EA68-3CEE-4880-B060-B333F68794F0"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C10AF9-19B7-4C9F-A489-8C8505D87D49"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87475278-5B8B-4BE2-9167-46734A435B49"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207BBE32-3570-4A02-A743-A3A45C2A28DD"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13D06662-08E6-46D8-A05B-9118D795F203"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B6D259D-7AC3-4F4A-A855-64FD8FF7E818"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C4B6FDA-0165-4268-95BA-915918099733"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B506B9CE-CE74-410D-BEFE-75BDF738872A"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D96FCB3D-AC46-43D7-A2E7-CB6BFED37167"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D65E8898-C249-401A-97D4-B4431EC04B00"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1299C8A2-FB8D-446E-83AC-C78091D14ACF"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BFDED6F-D871-4F81-9ADE-D1B6E5A82E61"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF54A7BC-D8EC-4ABC-9552-25BB4D592A93"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516F5E30-AB29-4AEA-B069-8FEBAF288F46"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DBDD00D-0D9C-487B-90A0-D61BAB782C88"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "730B3D7E-43AD-4EA6-A3E7-C0424BA61A64"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEFECD3A-4669-4D0C-BC51-AA2B635CB3B4"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1DF4DAD-7129-493B-B7EA-ADA33F734DB6"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13766879-04DA-42A2-B147-31D69430FE19"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9ADB86D-0655-4289-8644-4DBF76162CA3"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA5C847B-FD77-4CB3-BD64-0BDA3EC17A5D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BE65B11-B3F2-4CB1-994B-979EA3885B21"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBCE5B14-6A83-44EA-971E-0CEDBBE6203B"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C9A0E25-9DCB-4ABB-8039-D9261A95CA5F"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84069051-338F-4174-9AEB-C41112B2FFF1"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3401D8C6-5C42-4F59-AA40-7C5D83551E08"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E52E2FA-3A8E-40EF-B57E-ADE9AA9810F7"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36CEB135-9EFD-490E-BEBA-F3FA75098463"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05F60E95-5D51-4D06-B4D4-777E78F89D9D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BB25D31-BD14-4BAB-8D5C-D297F2C61600"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AEF216F-0ED7-4999-A3A3-285440374773"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2FF8942-4C67-4674-8DE4-F4948C8FD61D"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03F711A9-EFD7-46A2-B826-19183FBB3FFD"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B3F0C6-386E-44B7-85A8-54CE26874384"
          },
          {
            "criteria": "cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDED4C0-5733-4322-844D-A2085AFD6CA6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References