Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2015-2304
Last Modified 01 Apr 2015 10:00:21
Published 15 Mar 2015 03:59:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2304

Summary

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

Vulnerable Systems

Application

  • Libarchive 3.1.2


References

CONFIRM - https://groups.google.com/forum/#!msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J

CONFIRM - https://github.com/libarchive/libarchive/pull/110

CONFIRM - https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526

MLIST - [oss-security] 20150116 CVE Request: libarchive -- directory traversal in bsdcpio

MLIST - [oss-security] 20150108 Directory traversals in cpio and friends?

DEBIAN - DSA-3180

SUSE - openSUSE-SU-2015:0568

UBUNTU - USN-2549-1

MANDRIVA - MDVSA-2015:157

CONFIRM - http://advisories.mageia.org/MGASA-2015-0106.html


Last Updated: 27 May 2016 11:08:16