Date: Tue, 26 Aug 2014 14:50:09 +1000 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com CC: 759282@...s.debian.org Subject: CVE request: php-pear, pear's insecure /tmp/ use for cache data Hello, It was reported that the pear utility insecurely used the /tmp/ directory for cache data. A local attacker could use this flaw to perform a symbolic link attack against a user (typically the root user) running a pear command (such as "pear install"). Original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 Could a CVE please be assigned? Thanks, -- Murray McAllister / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ