Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.0

Bug #6933 Archive_Tar (Tar file management class) Directory traversal
Submitted: 2006-02-25 04:07 UTC
From: het_ebadi at yahoo dot com Assigned: cellog
Status: Closed Package: Archive_Tar (version 1.3.1)
PHP Version: Irrelevant OS: ALL
Roadmaps: (Not assigned)    
Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem : 32 + 34 = ?

 [2006-02-25 04:07 UTC] het_ebadi at yahoo dot com (hamid)
Description: ------------ Archive_Tar (Tar file management class) Directory traversal (Tested on 1.2) This class provides handling of tar files in PHP. It supports creating, listing, extracting and adding to tar files. Gzip support is available if PHP has the zlib extension built-in or loaded. Bz2 compression is also supported with the bz2 extension loaded. Credit: The information has been provided by Hamid Ebadi ( Hamid Network Security Team) : The original article can be found at : Vulnerable Systems: Tested on Archive_Tar 1.2 Detail : Directory traversal while extracting (.TAR) What is Directory traversal in archivers? that allowed one to create malicous archive files, which would overwrite system files or place dangerous files in defined directory(example :shell.php in wwwroot directory) This could be abused by sending an archive to a local user who would unzip / untar an archive, the archive would then be able to overwrite any file to which the user has write permissions, thus it could also be abused if a system ran som antivirus software which automatically opened archive files. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can find it from Hamid Network Security Team: want to know more ?


 [2006-12-20 20:11 UTC] cellog (Greg Beaver)
ALWAYS report security advisories to, a bug report is not enough.
 [2006-12-20 20:33 UTC] cellog (Greg Beaver)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.