Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1197

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2015-1197
Last Modified 31 Mar 2015 10:00:21
Published 19 Feb 2015 10:59:12
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1197

Summary

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Vulnerable Systems

Application

  • Gnu Cpio 2.11


References

MLIST - [Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks

MISC - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669

BID - 71914

MLIST - [oss-security] 20150118 Re: CVE Request: cpio -- directory traversal

MLIST - [oss-security] 20150108 Directory traversals in cpio and friends?

MANDRIVA - MDVSA-2015:066

CONFIRM - http://advisories.mageia.org/MGASA-2015-0080.html


Last Updated: 27 May 2016 11:08:16