Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0552

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2015-0552
Last Modified 17 Feb 2015 10:13:42
Published 15 Jan 2015 10:59:26
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0552

Summary

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Gnome Gcab 0.4

  • Suse Gcab 0.4


References

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=742331

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580

MLIST - [oss-security] 20150105 Re: CVE Request: gcab: directory traversal

SUSE - openSUSE-SU-2015:0043

SECUNIA - 62310


Last Updated: 27 May 2016 11:07:49