[原文]Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
PEAR Archive_Tar contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a PHP script unarchives a crafted tar file. It is possible that the flaw may allow the overwriting of any file for which the web process has write permission, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.