PT-2006-1915 · Php Extension Application Repository · Pear Liveuser

James Bercegay · Published 2006-02-23 · Updated 2018-10-18 · CVE-2006-0869

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP Extension and Application Repository (PEAR) LiveUser versions 0.16.8 and earlier

Description

A directory traversal issue exists in the "remember me" feature of liveuser.php, allowing remote attackers to determine file existence. Attackers may also be able to delete arbitrary files with short pathnames or read arbitrary files by using a .. (dot dot) in the store id value of a cookie.

Recommendations

For PHP Extension and Application Repository (PEAR) LiveUser versions 0.16.8 and earlier, consider disabling the "remember me" feature in liveuser.php until a patch is available. Restrict access to the store id value of a cookie to minimize the risk of exploitation.
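
One way to validate a cookie-supplied store id before it reaches any file operation, as an added example that is not LiveUser's own code. It assumes the store id is used to build a file name under a server-side directory; `resolveStoreFile`, the `.rm` suffix, the demo directory and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: map a cookie-supplied store id to a file inside
// $baseDir, or return null if the id could point outside that directory.
function resolveStoreFile(string $baseDir, string $storeId): ?string
{
    // Allow-list: a store id is an opaque token, never a path.
    // This rejects "..", "/", "\", NUL bytes and empty values in one check;
    // \A and \z anchor the whole string so a trailing newline cannot slip by.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $storeId) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // storage directory missing or unreadable
    }

    $candidate = $base . DIRECTORY_SEPARATOR . $storeId . '.rm';

    // Defence in depth: if the file already exists, its canonical path
    // (symlinks resolved) must still be a direct child of the base directory.
    $real = realpath($candidate);
    if ($real !== false && dirname($real) !== $base) {
        return null;
    }

    return $candidate;
}

// Constructed demo directory and constructed sample cookie values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rememberme_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}

$samples = ['a1B2c3d4e5', '../../etc/passwd', '..', 'abc/def', "abc\0.php", ''];
foreach ($samples as $id) {
    // Callers should answer a rejected id and a missing file identically,
    // so the response does not reveal whether a given path exists.
    $path = resolveStoreFile($dir, $id);
    printf("%-22s => %s\n", json_encode($id), $path === null ? 'rejected' : 'accepted');
}
```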


Related identifiers

CVE-2006-0869

Affected products

Pear Liveuser