cpe:/a:php:pear:0.2.2 cpe:/a:php:pear:0.9 cpe:/a:php:pear:0.10 cpe:/a:php:pear:0.11 cpe:/a:php:pear:0.90 cpe:/a:php:pear:1.0 cpe:/a:php:pear:1.0.1 cpe:/a:php:pear:1.0b1 cpe:/a:php:pear:1.0b2 cpe:/a:php:pear:1.0b3 cpe:/a:php:pear:1.1 cpe:/a:php:pear:1.2 cpe:/a:php:pear:1.2.1 cpe:/a:php:pear:1.2b1 cpe:/a:php:pear:1.2b2 cpe:/a:php:pear:1.2b3 cpe:/a:php:pear:1.2b4 cpe:/a:php:pear:1.2b5 cpe:/a:php:pear:1.3 cpe:/a:php:pear:1.3.1 cpe:/a:php:pear:1.3.3 cpe:/a:php:pear:1.3.3.1 cpe:/a:php:pear:1.3.4 cpe:/a:php:pear:1.3.5 cpe:/a:php:pear:1.3.6 cpe:/a:php:pear:1.3b1 cpe:/a:php:pear:1.3b2 cpe:/a:php:pear:1.3b3 cpe:/a:php:pear:1.3b5 cpe:/a:php:pear:1.3b6 cpe:/a:php:pear:1.4.0 cpe:/a:php:pear:1.4.0:rc1 cpe:/a:php:pear:1.4.0:rc2 cpe:/a:php:pear:1.4.0a1 cpe:/a:php:pear:1.4.0a2 cpe:/a:php:pear:1.4.0a3 cpe:/a:php:pear:1.4.0a4 cpe:/a:php:pear:1.4.0a5 cpe:/a:php:pear:1.4.0a6 cpe:/a:php:pear:1.4.0a7 cpe:/a:php:pear:1.4.0a8 cpe:/a:php:pear:1.4.0a9 cpe:/a:php:pear:1.4.0a10 cpe:/a:php:pear:1.4.0a11 cpe:/a:php:pear:1.4.0a12 cpe:/a:php:pear:1.4.1 cpe:/a:php:pear:1.4.2 cpe:/a:php:pear:1.5.0 cpe:/a:php:pear:1.5.1 cpe:/a:php:pear:1.6.1 cpe:/a:php:pear:1.9.1 CVE-2011-1072 2011-03-02T20:00:01.257-05:00 2017-08-16T21:33:49.620-04:00 3.3 LOCAL MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2011-03-03T09:39:00.000-05:00 SECUNIA 43533 BID 46605 MANDRIVA MDVSA-2011:187 REDHAT RHSA-2011:1741 MLIST [oss-security] 20110228 CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack MLIST [oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack MLIST [oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546164 CONFIRM http://news.php.net/php.pear.cvs/61264 CONFIRM http://pear.php.net/advisory-20110228.txt CONFIRM http://pear.php.net/bugs/bug.php?id=18056 CONFIRM http://security-tracker.debian.org/tracker/CVE-2011-1072 CONFIRM http://svn.php.net/viewvc?view=revision&revision=308687 XF pear-pear-installer-symlink(65721) The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.