Computer Security
[EN] securityvulns.ru no-pyccku


libarchive directory traversal
updated since 16.03.2015
Published:20.04.2015
Source:
SecurityVulns ID:14320
Type:library
Threat Level:
5/10
Description:Directory traversal and symbolic links vulnerability in cpio implementation.
Affected:LIBARCHIVE : libarchive 3.1
CVE:CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.)
 CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:066 ] cpio (20.04.2015)
 documentDEBIAN, [SECURITY] [DSA 3180-1] libarchive security update (16.03.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod