CVE-2014-5459 : The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

Published 2014-09-27 10:55:05

Updated 2021-03-29 14:38:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-5459

PHP » PHP
Versions up to, including, (<=) 5.6.0
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
Oracle » Solaris » Version: 11.2
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.3
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Evergreen » Version: 11.4
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-5459

Top countries where our scanners detected CVE-2014-5459

Top open port discovered on systems with this issue 80

IPs affected by CVE-2014-5459 432,521

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-5459!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-5459

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-5459

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-5459

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-5459

http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

openSUSE-SU-2014:1133-1: moderate: php5
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html

openSUSE-SU-2014:1245-1: moderate: update for php5
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015
Third Party Advisory

CVEs referencing this url
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282

#759282 - [php-pear] "/tmp" symlink file clobbering (CVE-2014-5459) - Debian Bug report logs
Exploit;Issue Tracking;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/08/27/3

oss-security - Re: CVE request: php-pear, pear's insecure /tmp/ use for cache data
Mailing List;Third Party Advisory