Date: 9 Jan 2006 03:42:03 -0000
From: jd2k2000@...mail.com
To: bugtraq@...urityfocus.com
Subject: New PEAR / Apache2Triad Exploit

File: go-pear.php
Affects: v0.2.2 (May affect other versions)
Date: 6th January 2006

Issue Description:
====================================
A vulnerability exists within version 0.2.2 of go-pear.php, part of PHP's PEAR
Package. The problem lies in the script's capacity to utilize a proxy server. An
attacker can take advantage of this option by providing it with a malicious
proxy server that is configured to redirect the original request to another
file server. By simply mirroring the requested content from the intended file
server, the attacker can ensure the script continues running uninterrupted.

Hosting a modified version of "Tar.php" and prepending code to the
extractModify() function will allow the attacker to run any PHP code of their
choosing. This occurs because go-pear uses "Tar.php" to extract all the
packages it previously retrieved; in doing so it invokes the now compromised
version of extractModify().
=====================================

Scope:
=====================================
This vulnerability has the most serious implications for Apache2Triad users, as
the go-pear.php script is installed by default and is accessible at
http://www.yoursite.com/php/pear/go-pear.php
=====================================

Recommendation:
=====================================
Regular PEAR users should simply update to the latest version available at
http://pear.php.net

Apache2Triad users who simply wish to address this issue should do the
following:

[1] Go to your apache2triad directory
[2] Navigate to \php\pear
[3] Rename or delete the "go-pear.php" file
=====================================

Discovered By: Gammarays
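
Added example (not part of the original advisory and not go-pear.php's own code): one way an installer can refuse files altered in transit by a mirroring proxy like the one described above is to compare every fetched file against a SHA-256 digest pinned in the installer before anything is extracted or included. The function name, file contents and digests are constructed for illustration.

```php
<?php
// Added example: not go-pear.php code. File names, contents and digests
// below are constructed for illustration.

/**
 * Check fetched files against SHA-256 digests pinned inside the installer.
 * Returns [name => reason] for every file that must not be used.
 */
function rejected_files(array $pinned, array $fetched): array
{
    $rejected = [];
    foreach ($pinned as $name => $expected) {
        if (!array_key_exists($name, $fetched)) {
            $rejected[$name] = 'missing';
        } elseif (!hash_equals($expected, hash('sha256', $fetched[$name]))) {
            $rejected[$name] = 'digest mismatch';
        }
    }
    // Anything the installer did not ask for is refused as well.
    foreach (array_keys(array_diff_key($fetched, $pinned)) as $name) {
        $rejected[$name] = 'unexpected file';
    }
    return $rejected;
}

// Constructed stand-ins for what the intended file server would return.
$genuine = [
    'PEAR.php' => "<?php /* PEAR base class */\n",
    'Tar.php'  => "<?php function extractModify() { /* unpack */ }\n",
];
// Digests shipped with the installer, never fetched over the same channel.
$pinned = array_map(fn ($body) => hash('sha256', $body), $genuine);

// A mirroring proxy returns everything unchanged except Tar.php.
$viaProxy = $genuine;
$viaProxy['Tar.php'] = str_replace('/* unpack */', '/* altered */ /* unpack */', $genuine['Tar.php']);

foreach (['direct' => $genuine, 'via proxy' => $viaProxy] as $label => $files) {
    $bad = rejected_files($pinned, $files);
    echo $label, ': ', $bad ? 'abort, ' . json_encode($bad) : 'ok to extract', "\n";
}
```

The check only helps if it runs before the fetched Tar.php is included, since extractModify() is the first fetched code the installer executes.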