Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1197

CWE-59CWE-22Path Traversal15 documents10 sources
Severity
1.9LOW
EPSS
3.3%
top 12.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian Debian CpioGNU Cpio
Timeline
PublishedFeb 19
Latest updateJan 9

Description

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

CVSS vector

AV:L/AC:M/C:N/I:P/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

CVEListV5debian/debian_cpio< 2.14+dfsg-1
Debiancpio< 2.11+dfsg-4.1+3
Ubuntucpio< 2.11+dfsg-1ubuntu1.2
NVDgnu/cpio2.11

🔴Vulnerability Details

4
GHSA
GHSA-447h-6vgc-mg6p: cpio 22022-05-17
OSV
cpio vulnerabilities2016-02-22
CVEList
CVE-2015-1197: cpio 22015-02-19
OSV
CVE-2015-1197: cpio 22015-02-19

💥Exploits & PoCs

1
Metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)

📋Vendor Advisories

6
Microsoft
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provide2024-01-09
Red Hat
cpio: path traversal vulnerability2024-01-04
Red Hat
cpio: --no-absolute-filenames bypass via symlinks2017-06-05
Ubuntu
GNU cpio vulnerabilities2016-02-22
Red Hat
cpio: directory traversal through symlinks2015-01-05

💬Community

3
Bugzilla
CVE-2017-7516 cpio: --no-absolute-filenames bypass via symlinks2018-01-29
Bugzilla
CVE-2015-1197 CVE-2017-7516 cpio: various flaws [fedora-all]2015-02-03
Bugzilla
CVE-2015-1197 cpio: directory traversal through symlinks2015-01-07