CVE-2015-1197

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-02-2015 04:59

Last modified: - 20-10-2022 07:15

Total changes: - 2

Description

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:P/A:N

Low

Attack complexity

Local

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

1.9

Base score

3.4

2.9

Exploitability score

Impact score

Verification logic

Reference

71914-
[oss-security] 20150108 Directory traversals in cpio and friends?-Exploit
[Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks-Exploit
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
[oss-security] 20150118 Re: CVE Request: cpio -- directory traversal-
http://advisories.mageia.org/MGASA-2015-0080.html
MDVSA-2015:066-
USN-2906-1-
http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html

Keywords

CVE-2015-1197

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-1197

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures