CVE-2015-1197 : cpio 2.11, when using the --no-absolute-filenames option, allows local users to

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Published 2015-02-19 15:59:12

Updated 2023-12-27 15:15:44

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-1197

GNU » Cpio » Version: 2.11
cpe:2.3:a:gnu:cpio:2.11:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1197

EPSS FAQ

3.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1197

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2015-1197

http://www.openwall.com/lists/oss-security/2015/01/07/5

oss-security - Directory traversals in cpio and friends?
Exploit

CVEs referencing this url
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

[Bug-cpio] cpio: directory traversal vulnerability via symlinks
Exploit
http://www.ubuntu.com/usn/USN-2906-1

USN-2906-1: GNU cpio vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html

Zimbra Collaboration Suite TAR Path Traversal ≈ Packet Storm

CVEs referencing this url
http://advisories.mageia.org/MGASA-2015-0080.html

Mageia Advisory: MGASA-2015-0080 - Updated cpio package fixes security vulnerability
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669

#774669 - cpio: CVE-2015-1197: directory traversal - Debian Bug report logs
Exploit
http://www.openwall.com/lists/oss-security/2023/12/21/8

oss-security - Security vulnerability in Debian's cpio 2.13
http://www.openwall.com/lists/oss-security/2015/01/18/7

oss-security - Re: CVE Request: cpio -- directory traversal
http://www.securityfocus.com/bid/71914

Cpio Symlink Directory Traversal Vulnerability
http://www.openwall.com/lists/oss-security/2023/12/27/1

oss-security - xarchiver: Path traversal with crafted cpio archives
http://www.mandriva.com/security/advisories?name=MDVSA-2015:066

mandriva.com

Jump to

Vulnerability Details : CVE-2015-1197

Products affected by CVE-2015-1197

Exploit prediction scoring system (EPSS) score for CVE-2015-1197

CVSS scores for CVE-2015-1197

References for CVE-2015-1197