This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
The php-pear package contains the PHP Extension and Application
Repository (PEAR), a framework and distribution system for reusable
It was found that the 'pear' command created temporary files in an
insecure way when installing packages. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to
overwrite the contents of arbitrary files accessible to the victim
running the 'pear install' command. (CVE-2011-1072)
This update also fixes the following bugs :
- The php-pear package has been upgraded to version 1.9.4,
which provides a number of bug fixes over the previous
- Prior to this update, php-pear created a cache in the
'/var/cache/php-pear/' directory when attempting to list
all packages. As a consequence, php-pear failed to
create or update the cache file as a regular user
without sufficient file permissions and could not list
all packages. With this update, php-pear no longer fails
if writing to the cache directory is not permitted. Now,
all packages are listed as expected.
All users of php-pear are advised to upgrade to this updated package,
which corrects these issues.
See also :
Update the affected php-pear package.
Risk factor :
Low / CVSS Base Score : 3.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61194 ()
CVE ID: CVE-2011-1072