Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-1000888

Good to know:

icon

Date: December 27, 2018

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.

Language: PHP

Severity Score

Related Resources (14)

https://pear.php.net/bugs/bug.php?id=23782
https://pear.php.net/package/Archive_Tar/download/
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
https://access.redhat.com/security/cve/CVE-2018-1000888
https://security-tracker.debian.org/tracker/CVE-2018-1000888
https://www.exploit-db.com/exploits/46108/
https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000888
https://security.gentoo.org/glsa/202006-14
https://nvd.nist.gov/vuln/detail/CVE-2018-1000888
https://www.debian.org/security/2019/dsa-4378
https://blog.ripstech.com/2018/new-php-exploitation-technique/
https://usn.ubuntu.com/3857-1/
https://www.mend.io/vulnerability-database/CVE-2018-1000888

Severity Score

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

icon

Upgrade Version

Upgrade to version 1.4.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us