PT-2014-6489 · Php+1 · Pear+2

Vladz

Published

2014-09-27

Updated

2024-06-15

CVE-2014-5459

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.0 PEAR (affected versions not specified)

Description The issue allows local users to write to arbitrary files via a symlink attack on a rest.cachefile or rest.cacheid file in /tmp/pear/cache. This is related to the retrieveCacheFirst and useLocalCache functions in the PEAR REST class in REST.php.

Recommendations For PHP versions prior to 5.6.0, consider updating to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the /tmp/pear/cache/ directory to minimize the risk of exploitation. Avoid using the retrieveCacheFirst and useLocalCache functions in the PEAR REST class until the issue is resolved.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2014-5459

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

SUSE-SU-2016:1638-1

Affected Products

Pear

Php

Suse

PT-2014-6489 · Php+1 · Pear+2

CVE-2014-5459

Weakness Enumeration

Related Identifiers

Affected Products

References · 273