FS#44173 - [cpio][CVE-2015-1197] arbitrary file write

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:19 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 18 March 2015, 15:26 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Tobias Powalowski (tpowa)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Summary
=======

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

References
==========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1197
http://www.openwall.com/lists/oss-security/2015/01/18/7

Closed by Tobias Powalowski (tpowa)
Wednesday, 18 March 2015, 15:26 GMT
Reason for closing: Fixed
Additional comments about closing: cpio-2.11-6
