Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1038

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2015-1038
Last Modified 23 Jan 2015 03:49:14
Published 21 Jan 2015 01:59:51
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1038

Summary

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Vulnerable Systems

Application

  • 7-zip P7zip 9.20.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1179505

MISC - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660

XF - p7zip-cve20151038-symlink(99970)

BID - 71890

MLIST - [oss-security] 20150111 Re: CVE request for directory traversal flaw in p7zip

Related Patches

SUN137321-03 Solaris 10 SPARC: p7zip patch

SUN137322-03 Solaris 10 x86: p7zip patch


Last Updated: 27 May 2016 11:07:36