Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 Apache2Triad Insecure PEAR Installer Security Issue
Google
Post new topic Reply to topic
Author Message
Vlad Alexa Mancini
lead developer
lead developer


Joined: 07 Jul 2003
Posts: 1539

PostPosted: Thu Jan 12, 2006 9:46 am Reply with quoteBack to top

The proxy server feature in go-pear.php in PHP PEAR 0.2.2 allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0144

Gammarays has reported a security issue in Apache2Triad, which potentially can be exploited by malicious people to compromise a vulnerable system.

The problem is that the PEAR installer Go-PEAR is stored insecurely in "php/pear/go-pear.php" inside the web root. This can be exploited to execute arbitrary PHP code by configuring the installer to use a malicious proxy server when downloading files.

Solution:
Upgrade to a Apache2Triad 1.x.4 release
View user's profileSend private message
Isabella12
 
 


Joined: 22 Oct 2009
Posts: 1

PostPosted: Mon Nov 02, 2009 10:17 pm Reply with quoteBack to top

Provides methods to read and manipulate trees, which are stored in a database (via DB, MDB and MDB2) or an XML file. The trees can be stored in the DB either as nested trees.
Or as simple trees, which use parentId-like structure.
Currently XML data can only be read from a file and accessed.
Generic Viagra
View user's profileSend private message
kai
 
 


Joined: 30 Oct 2009
Posts: 1
Location: DAD

PostPosted: Tue Nov 03, 2009 2:02 pm Reply with quoteBack to top

I maintain several servers to companies with large tares as Buy Viagra and I wonder how good a proxy server in go-type PEAR.php PEAR in PHP 0.2.2 go-PEAR.php refocused and if this will give me security problems as did the Apache2Triad?
View user's profileSend private messageYahoo MessengerMSN Messenger
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT