Lucene search
AmazonALAS-2024-1925HistoryFeb 28, 2024 - 11:54 p.m.
Important: cpio
2024-02-2823:54:00
alas.aws.amazon.com
8
cpio
symlink attack
update
cve-2015-1197
mitre
unix
red hat
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.8%
Issue Overview:
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. (CVE-2015-1197)
Affected Packages:
cpio
Issue Correction:
Run yum update cpio to update your system.
New Packages:
i686:
cpio-2.10-12.13.amzn1.i686
cpio-debuginfo-2.10-12.13.amzn1.i686
src:
cpio-2.10-12.13.amzn1.src
x86_64:
cpio-2.10-12.13.amzn1.x86_64
cpio-debuginfo-2.10-12.13.amzn1.x86_64
Additional References
Red Hat: CVE-2015-1197
Mitre: CVE-2015-1197
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | cpio | < 2.10-12.13.amzn1 | cpio-2.10-12.13.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | cpio-debuginfo | < 2.10-12.13.amzn1 | cpio-debuginfo-2.10-12.13.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | cpio | < 2.10-12.13.amzn1 | cpio-2.10-12.13.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | cpio-debuginfo | < 2.10-12.13.amzn1 | cpio-debuginfo-2.10-12.13.amzn1.x86_64.rpm |
Related
nessus
nessus
EulerOS 2.0 SP10 : cpio (EulerOS-SA-2023-3202)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : cpio (EulerOS-SA-2023-3237)
2024-01-16 00:00:00
Amazon Linux AMI : cpio (ALAS-2024-1925)
2024-03-05 00:00:00
archlinux
archlinux
cpio: directory traversal
2015-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2015-1197
2015-02-19 00:00:00
CVE-2023-7207
2024-02-29 00:00:00
alpinelinux
alpinelinux
CVE-2015-1197
2015-02-19 15:59:12
securityvulns
securityvulns
[ MDVSA-2015:066 ] cpio
2015-04-20 00:00:00
libarchive directory traversal
2015-04-20 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3237)
2023-12-12 00:00:00
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3202)
2023-11-10 00:00:00
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3491)
2023-12-22 00:00:00
cvelist
cvelist
CVE-2015-1197
2015-02-19 00:00:00
CVE-2023-7207
2024-01-05 00:39:49
cve
cve
nvd
nvd
prion
prion
Code injection
2015-02-19 15:59:00
Path traversal
2024-02-29 01:42:00
amazon
amazon
Important: cpio
2024-02-29 10:03:00
debiancve
debiancve
CVE-2015-1197
2015-02-19 15:59:12
CVE-2023-7207
2024-02-29 01:42:59
mageia
mageia
Updated cpio packages fix security vulnerabilities
2019-11-14 19:58:51
Updated cpio package fixes security vulnerability
2015-02-19 17:43:07
redhatcve
redhatcve
CVE-2017-7516
2018-01-29 12:50:11
CVE-2023-7207
2024-02-29 08:04:56
vulnrichment
vulnrichment
CVE-2023-7207
2024-01-05 00:39:49
securelist
securelist
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
ubuntu
ubuntu
GNU cpio vulnerabilities
2016-02-22 00:00:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
freebsd
freebsd
cpio -- multiple vulnerabilities
2015-03-27 00:00:00
GNU cpio -- multiple vulnerabilities
2019-11-06 00:00:00
thn
thn
gentoo
gentoo
GNU cpio: Multiple vulnerabilities
2015-02-15 00:00:00
osv
osv
cpio-2.13-3.3 on GA media
2024-06-15 00:00:00
attackerkb
attackerkb
CVE-2022-41352
2022-09-26 00:00:00
rapid7blog
rapid7blog
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.8%
Related for ALAS-2024-1925