Mandriva Update For Php-pear MDKSA-2007:110 (php-pear) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A security hole was discovered in all versions of the PEAR Installer http://pear.php.net/PEAR hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent. Because the package is easily traced to its source, this is most likely to happen if a hacker were to compromise a PEAR channel server and alter a package to install a backdoor. In other words, it must be combined with other exploits to be a problem. Updated packages have been patched to prevent this issue.

Affected

php-pear on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-2519

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:068 (poppler)
Mandrake Security Advisory MDVSA-2009:175 (pango)
Mandrake Security Advisory MDVSA-2009:018 (tomcat5)
Mandrake Security Advisory MDVSA-2009:032 (kernel)
Mandrake Security Advisory MDVSA-2009:122 (squirrelmail)

Mandriva Update for php-pear MDKSA-2007:110 (php-pear)

Take action and discover your vulnerabilities