Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-5658

Published: 17 December 2008

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Notes

AuthorNote
mdeslaur
zip is only in php > 5.2.x
apart from these patches, libzip was updated to 0.9.0
not sure if it's necessary to fix the issue...

seems the issue is not resolved:
http://bugs.php.net/bug.php?id=47188
more info: http://news.php.net/php.internals/42758
http://news.php.net/php.internals/42760
http://news.php.net/php.internals/42762
http://news.php.net/php.internals/42796 (proposed patch)
http://news.php.net/php.internals/42797 (proposed smaller patch)

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream
Released (5.2.7)
dapper Not vulnerable
(zip not present in 5.1)
gutsy
Released (5.2.3-1ubuntu6.5)
hardy
Released (5.2.4-2ubuntu5.5)
intrepid
Released (5.2.6-2ubuntu4.1)
Patches:
upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?hideattic=0&r1=1.1.2.43&r2=1.1.2.44 (incomplete)
vendor: http://patch-tracking.debian.net/patch/series/view/php5/5.2.6.dfsg.1-3/CVE-2008-5658.patch