This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious hole
found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem.
The vulnerability only affects users who are installing an
intentionally created package with a malicious intent. Because the
package is easily traced to its source, this is most likely to happen
if a hacker were to compromise a PEAR channel server and alter a
package to install a backdoor. In other words, it must be combined
with other exploits to be a problem.
Updated packages have been patched to prevent this issue.
Update the affected php-pear package.
Risk factor :
Medium / CVSS Base Score : 6.8