CVE-2010-4226

Summary

CVE	CVE-2010-4226
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-02-06 17:00:00 UTC
Updated	2014-02-07 20:57:00 UTC
Description	cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

Risk And Classification

Problem Types: CWE-59

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Cpio	All	All	All	All
Application	Gnu	Cpio	All	All	All	All
Operating System	Opensuse	Opensuse	2007.05.10	All	All	All
Operating System	Opensuse	Opensuse	2010.07.28	All	All	All
Operating System	Opensuse	Opensuse	2007.05.10	All	All	All
Operating System	Opensuse	Opensuse	2010.07.28	All	All	All

References

Reference	Source	Link	Tags
support.novell.com/security/cve/CVE-2010-4226.html	CONFIRM	support.novell.com	Vendor Advisory
Bug 665768 – VUL-0: build: cpio directory traversal	CONFIRM	bugzilla.novell.com	Vendor Advisory
openSUSE-SU-2011:0174-1 (moderate): build security update	SUSE	lists.opensuse.org
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:005	SUSE	lists.opensuse.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

900133 CBL-Mariner Linux Security Update for cpio 2.13
900134 CBL-Mariner Linux Security Update for apparmor 2.13
901155 Common Base Linux Mariner (CBL-Mariner) Security Update for cpio (6356)
903664 Common Base Linux Mariner (CBL-Mariner) Security Update for cpio (2534)