[php-maint] Bug#507857: Bug#507857: php5/ext/zip: ZipArchive::extractTo() Directory Traversal Vulnerability

sean finney seanius at debian.org
Fri Dec 5 07:50:42 UTC 2008


hi raphael,

On Thu, Dec 04, 2008 at 09:11:06PM -0600, Raphael Geissert wrote:
> 
> SE-2008-06.txt[1]:
> > [...] it
> >   was discovered that ZipArchive::extractTo() does not flatten
> >   the filenames stored inside the zip archives.

i think there's already another bug about this, or at least a similar CVE.

I would argue that this is not a vulnerability in PHP at all, but poor
application coding for any app that uses this library and does not check
for such things.

perhaps PHP could provide better support for handling such exotic/malicious
archives, but i would see that more of a feature request than a security hole.


	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20081205/bfa23e69/attachment.pgp 


More information about the pkg-php-maint mailing list