Oval Definition:oval:org.opensuse.security:def:20072519
Revision Date:2017-09-27Version:1
Title:CVE-2007-2519
Description:

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2007-2519
Platform(s):SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
Product(s):
Definition Synopsis
  • sles10-sp3-ltss is installed
  • AND Package Information
  • apache2-mod_php5 less than 5.2.14-0.42.1
  • OR php5-bcmath less than 5.2.14-0.42.1
  • OR php5-bz2 less than 5.2.14-0.42.1
  • OR php5-calendar less than 5.2.14-0.42.1
  • OR php5-ctype less than 5.2.14-0.42.1
  • OR php5-curl less than 5.2.14-0.42.1
  • OR php5-dba less than 5.2.14-0.42.1
  • OR php5-dbase less than 5.2.14-0.42.1
  • OR php5-devel less than 5.2.14-0.42.1
  • OR php5-dom less than 5.2.14-0.42.1
  • OR php5-exif less than 5.2.14-0.42.1
  • OR php5-fastcgi less than 5.2.14-0.42.1
  • OR php5-ftp less than 5.2.14-0.42.1
  • OR php5-gd less than 5.2.14-0.42.1
  • OR php5-gettext less than 5.2.14-0.42.1
  • OR php5-gmp less than 5.2.14-0.42.1
  • OR php5-hash less than 5.2.14-0.42.1
  • OR php5-iconv less than 5.2.14-0.42.1
  • OR php5-imap less than 5.2.14-0.42.1
  • OR php5-json less than 5.2.14-0.42.1
  • OR php5-ldap less than 5.2.14-0.42.1
  • OR php5-mbstring less than 5.2.14-0.42.1
  • OR php5-mcrypt less than 5.2.14-0.42.1
  • OR php5-mhash less than 5.2.14-0.42.1
  • OR php5-mysql less than 5.2.14-0.42.1
  • OR php5-ncurses less than 5.2.14-0.42.1
  • OR php5-odbc less than 5.2.14-0.42.1
  • OR php5-openssl less than 5.2.14-0.42.1
  • OR php5-pcntl less than 5.2.14-0.42.1
  • OR php5-pdo less than 5.2.14-0.42.1
  • OR php5-pear less than 5.2.14-0.42.1
  • OR php5-pgsql less than 5.2.14-0.42.1
  • OR php5-posix less than 5.2.14-0.42.1
  • OR php5-pspell less than 5.2.14-0.42.1
  • OR php5-shmop less than 5.2.14-0.42.1
  • OR php5-snmp less than 5.2.14-0.42.1
  • OR php5-soap less than 5.2.14-0.42.1
  • OR php5-sockets less than 5.2.14-0.42.1
  • OR php5-sqlite less than 5.2.14-0.42.1
  • OR php5-suhosin less than 5.2.14-0.42.1
  • OR php5-sysvmsg less than 5.2.14-0.42.1
  • OR php5-sysvsem less than 5.2.14-0.42.1
  • OR php5-sysvshm less than 5.2.14-0.42.1
  • OR php5-tokenizer less than 5.2.14-0.42.1
  • OR php5-wddx less than 5.2.14-0.42.1
  • OR php5-xmlreader less than 5.2.14-0.42.1
  • OR php5-xmlrpc less than 5.2.14-0.42.1
  • OR php5-xsl less than 5.2.14-0.42.1
  • OR php5-zlib less than 5.2.14-0.42.1
    • BACK