SB2018122808 - Insecure deserialization in PEAR Archive_Tar
Published: December 28, 2018
Updated: January 17, 2019
Security Bulletin ID: SB2018122808
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure
Description
This security bulletin contains information about 1 security vulnerability.
1) Deserialization of Untrusted Data (CVE-ID: CVE-2018-1000888)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of entry paths when processing tar archives. A remote attacker can craft a tar archive whose entry path is `phar://[path_to_malicious_phar_file]`; when Archive_Tar passes that path to PHP filesystem functions, the phar stream wrapper deserializes the referenced archive's metadata, which lets the attacker execute arbitrary code on the target system.
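The defensive check a practitioner would want here is to refuse any archive entry name that would be resolved through a PHP stream wrapper before it ever reaches a filesystem call. The following is an added example written for this bulletin; it is not Archive_Tar's own code and not the vendor's patch. The class name `TarEntryNameValidator`, the `reject()` method and the sample entry names are all constructed for illustration. It goes beyond the single `phar://` case on the page by rejecting any scheme prefix, absolute paths and `..` traversal, and shows `stream_wrapper_unregister()` as a process-wide mitigation for applications that never need phar archives.

```php
<?php
// Added example (not Archive_Tar's own code): validate tar entry names before
// they are handed to any filesystem function, so a name such as
// "phar://[path_to_malicious_phar_file]" is rejected instead of being opened
// through a PHP stream wrapper.
declare(strict_types=1);

final class TarEntryNameValidator
{
    /**
     * Returns null when the entry name is safe to extract as a plain relative
     * path, otherwise a short reason string describing why it was rejected.
     */
    public static function reject(string $name): ?string
    {
        if ($name === '' || strpos($name, "\0") !== false) {
            return 'empty name or embedded NUL byte';
        }
        // Any scheme prefix (phar://, file://, data:, ...) means the name would be
        // resolved through a stream wrapper rather than as a relative path.
        // Windows drive prefixes such as "C:\" match here too, which is intended.
        if (preg_match('#^[A-Za-z][A-Za-z0-9+.\-]*:#', $name) === 1) {
            return 'stream wrapper or scheme prefix in entry name';
        }
        // Absolute paths (POSIX or Windows style) escape the extraction directory.
        if ($name[0] === '/' || $name[0] === '\\') {
            return 'absolute path';
        }
        // Any ".." segment can climb out of the extraction directory.
        foreach (preg_split('#[/\\\\]+#', $name) as $segment) {
            if ($segment === '..') {
                return 'parent-directory traversal';
            }
        }
        return null;
    }
}

// Constructed sample entry names; the first has the shape described in the bulletin.
$samples = [
    'phar://[path_to_malicious_phar_file]',
    'PHAR://[path_to_malicious_phar_file]',
    '/etc/passwd',
    '../../outside.txt',
    'docs/readme.txt',
];
foreach ($samples as $name) {
    $reason = TarEntryNameValidator::reject($name);
    printf("%-40s %s\n", $name, $reason === null ? 'OK' : 'REJECTED: ' . $reason);
}

// Belt and braces: if the application never needs phar archives, unregistering
// the wrapper makes phar:// paths unusable process-wide, whichever library
// ends up opening them. Do this early in the request lifecycle.
if (in_array('phar', stream_get_wrappers(), true)) {
    stream_wrapper_unregister('phar');
}
```

Run the check on every entry name before extraction, not only on names that happen to contain `phar`; the scheme regex is deliberately broad because any registered wrapper (`phar://`, `data:`, `php://`) changes how a path is interpreted. Unregistering the phar wrapper is a safe default for web applications, but it will break legitimate code that loads `.phar` files, so confirm that first.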
Remediation
Install the updated Archive_Tar package from the vendor's website.
References
- https://blog.ripstech.com/2018/new-php-exploitation-technique/
- https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It%27s-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
- https://pear.php.net/bugs/bug.php?id=23782
- https://pear.php.net/package/Archive_Tar/download/
- https://usn.ubuntu.com/3857-1/
- https://www.exploit-db.com/exploits/46108/