PEAR Archive_Tar version 1.4.3 and previous versions contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php pear archive tar |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
canonical ubuntu linux 16.04 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
Open-source CMS gets a pair of critical fixes Drupal drisputes dreport of widespread wide-open websites – whoa
Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in case you later add functionality that can be exploited. Both Drupal.org and US-CERT are advising admins to test and install the two Drupal core fixes, both concerning flaws that can be exploited to perform remote-code execution. As their bug ID numbers would suggest, the updates are the first...