Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4154

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-4154
Last Modified 12 Apr 2011 12:00:00
Published 10 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-4154

Summary

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

Vulnerable Systems

Application

  • Php Pear 0.10

  • Php Pear 0.11

  • Php Pear 0.9

  • Php Pear 0.90

  • Php Pear 1.0

  • Php Pear 1.0.1

  • Php Pear 1.0b1

  • Php Pear 1.0b2

  • Php Pear 1.0b3

  • Php Pear 1.1

  • Php Pear 1.2

  • Php Pear 1.2.1

  • Php Pear 1.2b1

  • Php Pear 1.2b2

  • Php Pear 1.2b3

  • Php Pear 1.2b4

  • Php Pear 1.2b5

  • Php Pear 1.3

  • Php Pear 1.3.1

  • Php Pear 1.3.3

  • Php Pear 1.3.3.1

  • Php Pear 1.3.4

  • Php Pear 1.3.5

  • Php Pear 1.3.6

  • Php Pear 1.3b1

  • Php Pear 1.3b2

  • Php Pear 1.3b3

  • Php Pear 1.3b5

  • Php Pear 1.3b6

  • Php Pear 1.4.0

  • Php Pear 1.4.0a1

  • Php Pear 1.4.0a10

  • Php Pear 1.4.0a11

  • Php Pear 1.4.0a12

  • Php Pear 1.4.0a2

  • Php Pear 1.4.0a3

  • Php Pear 1.4.0a4

  • Php Pear 1.4.0a5

  • Php Pear 1.4.0a6

  • Php Pear 1.4.0a7

  • Php Pear 1.4.0a8

  • Php Pear 1.4.0a9

  • Php Pear 1.4.1

  • Php Pear 1.4.2


References

XF - pear-installer-code-execution(23021)

SECTRACK - 1015161

SECUNIA - 17563

CONFIRM - http://pear.php.net/advisory-20051104.txt

VUPEN - ADV-2005-2444


Last Updated: 27 May 2016 10:41:12