Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Aug 2014 14:50:09 +1000
From: Murray McAllister <>
Subject: CVE request: php-pear, pear's insecure /tmp/ use for cache data


It was reported that the pear utility insecurely used the /tmp/ 
directory for cache data. A local attacker could use this flaw to 
perform a symbolic link attack against a user (typically the root user) 
running a pear command (such as "pear install").

Original report:

Could a CVE please be assigned?


Murray McAllister / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ