Backdoor in PHP PEAR



Risk Critical
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-912
Exploitation vector Network
Public exploit N/A
Vulnerable software
 PEAR
Universal components / Libraries / Scripting languages

Vendor PHP Group

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Backdoor

EUVDB-ID: #VU17096

Risk: Critical

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: N/A

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The issue exists within the PHP PEAR software, downloaded from the official repository within the last 6 month. Unknown attackers compromised the official repository and implanted malicious code into it.

If you have updated your PEAR installation within the last 6 month, most likely your server is compromised.

Mitigation

Update to version 1.10.9.

Vulnerable software versions

PEAR: 1.10.7 - 1.10.8

CPE2.3 External links

https://blog.pear.php.net/2018/12/20/security-vulnerability-announcement-archive_tar/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###