This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been discovered and corrected in php-pear :
The installer in PEAR before 1.9.2 allows local users to overwrite
arbitrary files via a symlink attack on the package.xml file, related
to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4)
pear-build-download directories, a different vulnerability than
This advisory provides PEAR 1.9.4 which is not vulnerable to this
Additionally for Mandriva Enterprise Server 5 many new or updated PEAR
packages is being provided with the latest versions of respective
packages as well as mitigating various dependency issues.
Update the affected php-pear package.
Risk factor :
Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.9
Public Exploit Available : true