Описание
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
Отчет
This vulnerability requires the attacker to use social engineering on the victim to get them to open the cpio archive.
Меры по смягчению последствий
Use the --no-absolute-filenames option to avoid this behaviour.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cpio | Out of support scope | ||
| Red Hat Enterprise Linux 7 | cpio | Fix deferred | ||
| Red Hat Enterprise Linux 8 | cpio | Fix deferred | ||
| Red Hat Enterprise Linux 9 | cpio | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
A path traversal vulnerability was found in the CPIO utility. This iss ...
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.
Уязвимость утилиты архивирования cpio операционных систем Red Hat Enterprise Linux, позволяющая нарушителю выполнить произвольные команды
EPSS
5.3 Medium
CVSS3