![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE request: php-pear, pear's insecure /tmp/ use for cache data
From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 26 Aug 2014 14:50:09 +1000
Hello,It was reported that the pear utility insecurely used the /tmp/ directory for cache data. A local attacker could use this flaw to perform a symbolic link attack against a user (typically the root user) running a pear command (such as "pear install").
Original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 Could a CVE please be assigned? Thanks, -- Murray McAllister / Red Hat Product Security
Current thread:
- CVE request: php-pear, pear's insecure /tmp/ use for cache data Murray McAllister (Aug 25)
- Re: CVE request: php-pear, pear's insecure /tmp/ use for cache data cve-assign (Aug 26)