Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.0

Bug #6933 Archive_Tar (Tar file management class) Directory traversal
Submitted: 2006-02-25 04:07 UTC
From: het_ebadi at yahoo dot com Assigned: cellog
Status: Closed Package: Archive_Tar (version 1.3.1)
PHP Version: Irrelevant OS: ALL
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 2 + 5 = ?

 
 [2006-02-25 04:07 UTC] het_ebadi at yahoo dot com (hamid)
Description: ------------ Archive_Tar (Tar file management class) Directory traversal (Tested on 1.2) This class provides handling of tar files in PHP. It supports creating, listing, extracting and adding to tar files. Gzip support is available if PHP has the zlib extension built-in or loaded. Bz2 compression is also supported with the bz2 extension loaded. http://www.phpconcept.net http://www.zend.com/pear/whoiswho.php?pkg=Archive_Tar http://pear.php.net/package/Archive_Tar Credit: The information has been provided by Hamid Ebadi ( Hamid Network Security Team) : admin@hamid.ir. The original article can be found at : http://hamid.ir/security Vulnerable Systems: Tested on Archive_Tar 1.2 Detail : Directory traversal while extracting (.TAR) What is Directory traversal in archivers? that allowed one to create malicous archive files, which would overwrite system files or place dangerous files in defined directory(example :shell.php in wwwroot directory) This could be abused by sending an archive to a local user who would unzip / untar an archive, the archive would then be able to overwrite any file to which the user has write permissions, thus it could also be abused if a system ran som antivirus software which automatically opened archive files. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can find it from Hamid Network Security Team: http://www.hamid.ir/tools/ want to know more ? http://www.hamid.ir/paper

Comments

 [2006-12-20 20:11 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2006-12-20 20:33 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!