5 results (0.003 seconds)

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. En Archive_Tar versiones anteriores a 1.4.14, los enlaces simbólicos pueden referirse a objetivos fuera del archivo extraído, una vulnerabilidad diferente a CVE-2020-36193 • https://github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755 https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f https://github.com/pear/Archive_Tar/releases/tag/1.4.14 https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS https:/& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 89%CPEs: 11EXPL: 0

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. El archivo Tar.php en Archive_Tar versiones hasta 1.4.11, permite operaciones de escritura con Salto de Directorio debido a una comprobación inadecuada de enlaces simbólicos, un problema relacionado al CVE-2020-28948 A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing "dot dot" sequences (/../) to modify arbitrary files on the system. PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. • https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOZNK4FIIV7FSFCJNNFWMJZTTV7NFJV2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 6%CPEs: 11EXPL: 3

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Archive_Tar versiones hasta 1.4.10, permite un ataque de no serialización porque phar: está bloqueado pero PHAR: no está bloqueado • https://github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949 https://github.com/JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949 https://github.com/pear/Archive_Tar/issues/33 https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B https://lists.fedora • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 94%CPEs: 11EXPL: 4

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Archive_Tar versiones hasta 1.4.10, presenta una desinfección del nombre de archivo :// solo para abordar los ataques phar y, por lo tanto, cualquier otro ataque de empaquetado de flujo (tal y como file:// para sobrescribir archivos) aún puede tener éxito A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive. PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. • https://github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949 https://github.com/JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949 http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html https://github.com/pear/Archive_Tar/issues/33 https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/pack • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 3

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. • https://www.exploit-db.com/exploits/46108 https://blog.ripstech.com/2018/new-php-exploitation-technique https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html https://pear.php.net/bugs/bug.php?id=23782 https://pear.php.net/package/Archive_Tar/download https://security.gentoo.org/glsa/202006-14 https://usn.ubuntu.com/3857-1 https:/ • CWE-502: Deserialization of Untrusted Data •