Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1741

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70481

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:1741

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1741.

The php-pear package contains the PHP Extension and Application Repository
(PEAR), a framework and distribution system for reusable PHP components.

It was found that the pear command created temporary files in an insecure
way when installing packages. A malicious, local user could use this flaw
to conduct a symbolic link attack, allowing them to overwrite the contents
of arbitrary files accessible to the victim running the pear install
command. (CVE-2011-1072)

This update also fixes the following bugs:

* The php-pear package has been upgraded to version 1.9.4, which provides a
number of bug fixes over the previous version. (BZ#651897)

* Prior to this update, php-pear created a cache in the
/var/cache/php-pear/ directory when attempting to list all packages. As a
consequence, php-pear failed to create or update the cache file as a
regular user without sufficient file permissions and could not list all
packages. With this update, php-pear no longer fails if writing to the
cache directory is not permitted. Now, all packages are listed as expected.
(BZ#747361)

All users of php-pear are advised to upgrade to this updated package, which
corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1741.html

Risk factor : Low

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1072
BugTraq ID: 46605
http://www.securityfocus.com/bid/46605
http://www.mandriva.com/security/advisories?name=MDVSA-2011:187
http://openwall.com/lists/oss-security/2011/02/28/3
http://openwall.com/lists/oss-security/2011/02/28/12
http://openwall.com/lists/oss-security/2011/02/28/5
http://openwall.com/lists/oss-security/2011/03/01/4
http://openwall.com/lists/oss-security/2011/03/01/5
http://openwall.com/lists/oss-security/2011/03/01/7
http://openwall.com/lists/oss-security/2011/03/01/8
http://openwall.com/lists/oss-security/2011/03/01/9
http://www.redhat.com/support/errata/RHSA-2011-1741.html
http://secunia.com/advisories/43533
XForce ISS Database: pear-pear-installer-symlink(65721)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65721

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70481
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1741
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1741. The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components. It was found that the pear command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the pear install command. (CVE-2011-1072) This update also fixes the following bugs: * The php-pear package has been upgraded to version 1.9.4, which provides a number of bug fixes over the previous version. (BZ#651897) * Prior to this update, php-pear created a cache in the /var/cache/php-pear/ directory when attempting to list all packages. As a consequence, php-pear failed to create or update the cache file as a regular user without sufficient file permissions and could not list all packages. With this update, php-pear no longer fails if writing to the cache directory is not permitted. Now, all packages are listed as expected. (BZ#747361) All users of php-pear are advised to upgrade to this updated package, which corrects these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1741.html Risk factor : Low
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1072 BugTraq ID: 46605 http://www.securityfocus.com/bid/46605 http://www.mandriva.com/security/advisories?name=MDVSA-2011:187 http://openwall.com/lists/oss-security/2011/02/28/3 http://openwall.com/lists/oss-security/2011/02/28/12 http://openwall.com/lists/oss-security/2011/02/28/5 http://openwall.com/lists/oss-security/2011/03/01/4 http://openwall.com/lists/oss-security/2011/03/01/5 http://openwall.com/lists/oss-security/2011/03/01/7 http://openwall.com/lists/oss-security/2011/03/01/8 http://openwall.com/lists/oss-security/2011/03/01/9 http://www.redhat.com/support/errata/RHSA-2011-1741.html http://secunia.com/advisories/43533 XForce ISS Database: pear-pear-installer-symlink(65721) https://exchange.xforce.ibmcloud.com/vulnerabilities/65721
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com