Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-4154

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.

Related bugs and status

CVE-2005-4154 (Candidate) is related to these bugs:

Bug #24363: php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate

Summary				In	Importance	Status
	24363	php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate		php5 (Ubuntu)	High	Invalid
	24363	php-pear: pear upgrade-all gives me Fatal error: Cannot instantiate		php5 (Debian)	Unknown	Fix Released

Bug #24857: PHP 5.0.5 fixes security bugs

Summary				In	Importance	Status
	24857	PHP 5.0.5 fixes security bugs		php5 (Ubuntu)	High	Fix Released
	24857	PHP 5.0.5 fixes security bugs		php5 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://pear.php.net/ad...
SECTRACK: 1015161
SECUNIA: 17563
VUPEN: ADV-2005-2444
XF: pear-installer-code-ex...