CVE-2005-4154

Description

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

Affected products

• php / pear1.4.2
• php / pear0.9 – 0.9
• php / pear0.10 – 0.10
• php / pear0.11 – 0.11
• php / pear0.90 – 0.90
• php / pear1.0 – 1.0
• php / pear1.0.1 – 1.0.1
• php / pear1.1 – 1.1
• php / pear1.2 – 1.2
• php / pear1.2.1 – 1.2.1
• php / pear1.3 – 1.3
• php / pear1.3.1 – 1.3.1
• php / pear1.3.3 – 1.3.3
• php / pear1.3.3.1 – 1.3.3.1
• php / pear1.3.4 – 1.3.4
• php / pear1.3.5 – 1.3.5
• php / pear1.3.6 – 1.3.6
• php / pear1.4.0 – 1.4.0
• php / pear1.4.0 – 1.4.0
• php / pear1.4.0 – 1.4.0
• php / pear1.4.1 – 1.4.1

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/23021
• VENDOR_ADVISORYhttp://secunia.com/advisories/17563/
• MISChttp://securitytracker.com/alerts/2005/Nov/1015161.html
• MISChttp://pear.php.net/advisory-20051104.txt
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2444