CVE-2015-1197
Summary
| CVE | CVE-2015-1197 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-02-19 15:59:00 UTC |
| Updated | 2023-12-27 15:15:00 UTC |
| Description | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support / Security / Advisories / / MDVSA-2015:066 | Mandriva | MANDRIVA | www.mandriva.com | |
| Cpio Symlink Directory Traversal Vulnerability | BID | www.securityfocus.com | |
| oss-security - Security vulnerability in Debian's cpio 2.13 | www.openwall.com | ||
| oss-security - Re: CVE Request: cpio -- directory traversal | MLIST | www.openwall.com | |
| Zimbra Collaboration Suite TAR Path Traversal ≈ Packet Storm | MISC | packetstormsecurity.com | |
| USN-2906-1: GNU cpio vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Mageia Advisory: MGASA-2015-0080 - Updated cpio package fixes security vulnerability | CONFIRM | advisories.mageia.org | |
| oss-security - xarchiver: Path traversal with crafted cpio archives | www.openwall.com | ||
| [Bug-cpio] cpio: directory traversal vulnerability via symlinks | MLIST | lists.gnu.org | Exploit |
| #774669 - cpio: CVE-2015-1197: directory traversal - Debian Bug report logs | MISC | bugs.debian.org | Exploit |
| oss-security - Directory traversals in cpio and friends? | MLIST | www.openwall.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 357270 Amazon Linux Security Advisory for cpio : ALAS2-2024-2489
- 357285 Amazon Linux Security Advisory for cpio : ALAS-2024-1925
- 357293 Amazon Linux Security Advisory for cpio : ALAS2023-2024-557
- 500862 Alpine Linux Security Update for cpio
- 504655 Alpine Linux Security Update for cpio
- 673446 EulerOS Security Update for cpio (EulerOS-SA-2023-3202)
- 673614 EulerOS Security Update for cpio (EulerOS-SA-2023-3167)
- 673786 EulerOS Security Update for cpio (EulerOS-SA-2023-3237)
- 673845 EulerOS Security Update for cpio (EulerOS-SA-2023-3265)