PT-2014-6489 · Php+1 · Pear+2

Vladz

Publicado

2014-09-27

Atualizado

2024-06-15

CVE-2014-5459

CVSS v2.0

3.6

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.0 PEAR (affected versions not specified)

Description The issue allows local users to write to arbitrary files via a symlink attack on a rest.cachefile or rest.cacheid file in /tmp/pear/cache. This is related to the retrieveCacheFirst and useLocalCache functions in the PEAR REST class in REST.php.

Recommendations For PHP versions prior to 5.6.0, consider updating to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the /tmp/pear/cache/ directory to minimize the risk of exploitation. Avoid using the retrieveCacheFirst and useLocalCache functions in the PEAR REST class until the issue is resolved.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2014-5459

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2016:1638-1

Produtos afetados

Pear

Php

Suse

PT-2014-6489 · Php+1 · Pear+2

CVE-2014-5459

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 273