Vulnerability CVE-2015-1197: Information

Description

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Severity: LOW (1.9)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1197
Published: Feb. 19, 2015
Modified: Dec. 27, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
cpiosisyphus2.12-alt12.15-alt1ALT-PU-2015-2097-1154859Fixed
cpiop102.12-alt12.12-alt2ALT-PU-2015-2097-1154859Fixed
cpiop92.12-alt12.12-alt1ALT-PU-2015-2097-1154859Fixed
cpioc10f12.12-alt12.12-alt2ALT-PU-2015-2097-1154859Fixed
cpioc9f22.12-alt12.12-alt1ALT-PU-2015-2097-1154859Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
71914
    [oss-security] 20150108 Directory traversals in cpio and friends?
    • Exploit
    [Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks
    • Exploit
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
    • Exploit
    [oss-security] 20150118 Re: CVE Request: cpio -- directory traversal
      http://advisories.mageia.org/MGASA-2015-0080.html
        MDVSA-2015:066
          USN-2906-1
            http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
              [oss-security] 20231221 Security vulnerability in Debian's cpio 2.13
                [oss-security] 20231227 xarchiver: Path traversal with crafted cpio archives

                    1. Configuration 1

                      cpe:2.3:a:gnu:cpio:2.11:*:*:*:*:*:*:*
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v24.5.0
                  Back to top