Date: Mon, 28 Feb 2011 14:40:36 -0500 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: oss-security@...ts.openwall.com Cc: Helgi Þormar Þorbjörnsson <helgi@....net> Subject: Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack I'm not familiar with this code or any of the context surrounding this fix, but it appears to be an incomplete fix. Checking for existence of a symlink and then opening the resource leaves open a window during which a legitimate file can be replaced with a symlink. Also, I don't see a reason why a hard link couldn't be used for exploitation instead. -Dan 2011/2/28 Helgi Þormar Þorbjörnsson <helgi@....net>: > The lack of symlink checks in the PEAR installer 1.9.1 <= while doing > installation and upgrades, which initiate various system write > operations, can cause privileged users unknowingly to overwrite > critical system files. > > Further information can be found in this temporary advisory > http://pear.php.net/advisory-20110228.txt and the > > Fixes can be found at http://news.php.net/php.pear.cvs/61264 > > - Helgi >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ