You can clone with
Cannot retrieve contributors at this time
SECURITY VULNERABILITY ANNOUNCEMENTFebruary 28, 2011 Advisory: PEAR installer symlink vulnerability Release Date: 2011/02/28Last Modified: 2011/02/28 Author: Helgi Thormar Thorbjoernsson [email@example.com] Application: PEAR installer <= 1.9.1 Risk: MediumVendor Status: The PEAR project has released an updated version References: http://pear.php.net/advisory-20110228.txt ID: PSA 20110228-01Overview: The PEAR installer is available from http://pear.php.net/package/PEAR.The PEAR installer is used to install PHP-based software packagesdistributed from pear.php.net and PHP extensions from pecl.php.net. Asof version 1.4.0, the PEAR installer can also install software packagesfrom other sources, known as "channels."The lack of symlink checks while doing installation and upgrades, whichinitiate various system write operations, can cause privileged usersunknowingly to overwrite critical system files.Details: To be vulnerable, a non-privileged user that has access to the system mustexplicitly create a symlink from a predictable location, to which PEAR willwrite, with an end point at a system critical file such as /etc/passwd.A non-privileged user is not required to have permission to the symlinkendpoint, the required privileges are obtained by asking a privilegeduser to perform a routine task, such as installation or upgrade of packages,which will in turn write to a predictable location; the whole process istransparent for the privileged user and will in turn write to the symbolicallylinked endpoint.It is not possible to inject arbitrary information with this approach, it isonly possible to overwrite symlinked files with one of the files coming fromthe PEAR package being installed/updated.The following steps have been taken to fix the problem at hand: * tmpnam has been put in use to ensure fairly non-predictible paths * Proper symlink checks have been put in place and a warning is issued if a write operation happens on a symlink as well as the operation is cancelledFurther information about how symlink attacks work can be found athttp://www.infosecwriters.com/texts.php?op=display&id=159Recommendation: We strongly recommend to upgrade to the new version PEAR 1.9.2 or higher pear upgrade PEAR-1.9.2 http://pear.php.net/get/PEAR-1.9.2.tgzThanks to Raphael Geisert, Ondrej Sury and rest of the Debian team.