Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-5658
Last Modified 31 Oct 2009 02:10:14
Published 17 Dec 2008 03:30:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5658

Summary

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Vulnerable Systems

Application

  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.2
  • PHP 5.0.3
  • PHP 5.0.4
  • PHP 5.0.5
  • PHP 5.1.0
  • PHP 5.1.1
  • PHP 5.1.2
  • PHP 5.1.3
  • PHP 5.1.4
  • PHP 5.1.5
  • PHP 5.1.6
  • PHP 5.2.0
  • PHP 5.2.1
  • PHP 5.2.2
  • PHP 5.2.3
  • PHP 5.2.4
  • PHP 5.2.5
  • PHP 5.2.6

References

FEDORA - FEDORA-2009-3848

FEDORA - FEDORA-2009-3768

XF - php-ziparchive-directory-traversal(47079)

MISC - http://www.sektioneins.de/advisories/SE-2008-06.txt

SECTRACK - 1021303

BID - 32625

BUGTRAQ - 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

REDHAT - RHSA-2009:0350

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.7

MLIST - [oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)

MANDRIVA - MDVSA-2009:045

DEBIAN - DSA-1789

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0035

SECUNIA - 35650

SECUNIA - 35306

SECUNIA - 35003

OSVDB - 50480

HP - SSRT090192

HP - SSRT090085

SUSE - SUSE-SR:2009:004

BUGTRAQ - 20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability

HP - HPSBUX02465

HP - HPSBUX02431


Last Updated: 27 May 2016 10:49:59