Candidate: CVE-2014-5459
PublicDate: 2014-09-27 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459
Description:
 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local
 users to write to arbitrary files via a symlink attack on a (1)
 rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the
 retrieveCacheFirst and useLocalCache functions.
Ubuntu-Description:
Notes:
 jdstrand> Upstream states this is a known issue
 sbeattie> upstream claims fixed in 1.9.2, but still uses /tmp/pear/ according to debian bug report
 mdeslaur> 1.9.2+ only a DoS
 rodrigo-zaiden> No complete fix was provided as of 2022-03-08.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282
 https://pear.php.net/bugs/bug.php?id=18056
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:

Tags_php5: symlink-restriction hardlink-restriction
Patches_php5:
upstream_php5: needs-triage
lucid_php5: ignored (reached end-of-life)
precise_php5: ignored (reached end-of-life)
precise/esm_php5: ignored (end of ESM support, was needed)
trusty_php5: ignored (reached end-of-life)
trusty/esm_php5: deferred (2022-03-08)
utopic_php5: ignored (reached end-of-life)
vivid_php5: ignored (reached end-of-life)
vivid/stable-phone-overlay_php5: DNE
vivid/ubuntu-core_php5: DNE
wily_php5: ignored (reached end-of-life)
xenial_php5: DNE
yakkety_php5: DNE
zesty_php5: DNE
artful_php5: DNE
bionic_php5: DNE
cosmic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
focal_php5: DNE
groovy_php5: DNE
hirsute_php5: DNE
impish_php5: DNE
jammy_php5: DNE
devel_php5: DNE

Tags_php-pear: symlink-restriction hardlink-restriction
Patches_php-pear:
upstream_php-pear: needs-triage
precise_php-pear: DNE
precise/esm_php-pear: DNE
trusty_php-pear: DNE
trusty/esm_php-pear: DNE
vivid/stable-phone-overlay_php-pear: DNE
vivid/ubuntu-core_php-pear: DNE
wily_php-pear: DNE
xenial_php-pear: ignored (end of standard support, was needed)
esm-infra/xenial_php-pear: deferred (2022-03-08)
yakkety_php-pear: ignored (reached end-of-life)
zesty_php-pear: ignored (reached end-of-life)
artful_php-pear: ignored (reached end-of-life)
bionic_php-pear: deferred (2022-03-08)
cosmic_php-pear: ignored (reached end-of-life)
disco_php-pear: ignored (reached end-of-life)
eoan_php-pear: ignored (reached end-of-life)
focal_php-pear: deferred (2022-03-08)
groovy_php-pear: ignored (reached end-of-life)
hirsute_php-pear: ignored (reached end-of-life)
impish_php-pear: deferred (2022-03-08)
jammy_php-pear: deferred (2022-03-08)
devel_php-pear: deferred (2022-03-08)