CVE-2015-1197
Published: 2015-02-19
CVE-2015-1197: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Severity: low, 1.9 (CVSS 3.1)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cpio | < cpio 2.11+dfsg-4.1 (bookworm) | cpio 2.11+dfsg-4.1 (bookworm) |
| debian | cpio | < cpio 2.14+dfsg-1 (forky) | cpio 2.14+dfsg-1 (forky) |
| debian | debian_cpio | < 2.14+dfsg-1 | 2.14+dfsg-1 |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | >= 0 < 2.11+dfsg-4.1 | 2.11+dfsg-4.1 |
| gnu | cpio | >= 0 < 2.11+dfsg-4.1 | 2.11+dfsg-4.1 |
| gnu | cpio | >= 0 < 2.11+dfsg-4.1 | 2.11+dfsg-4.1 |
| gnu | cpio | >= 0 < 2.14+dfsg-1 | 2.14+dfsg-1 |
| gnu | cpio | >= 0 < 2.11+dfsg-4.1 | 2.11+dfsg-4.1 |
| gnu | cpio | >= 0 < 2.14+dfsg-1 | 2.14+dfsg-1 |
| gnu | cpio | >= 0 < 2.11+dfsg-1ubuntu1.2 | 2.11+dfsg-1ubuntu1.2 |
| msrc | cbl2_cpio_2.13-5_on_cbl_mariner_2.0 | — | — |
CVSS provenance
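| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | — | 1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 1.9 | LOW | — |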