Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201502-11
HistoryFeb 15, 2015 - 12:00 a.m.

GNU cpio: Multiple vulnerabilities

2015-02-1500:00:00
Gentoo Foundation
security.gentoo.org
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

Background

GNU cpio copies files into or out of a cpio or tar archive.

Description

Two vulnerabilities have been discovered in GNU cpio:

  • The list_file function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112)
  • A directory traversal vulnerability has been found in GNU cpio (CVE-2015-1197)

Impact

A remote attacker may be able to entice a user to open a specially crafted archive using GNU cpio, possibly resulting in execution of arbitrary code, a Denial of Service condition, or overwriting arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All GNU cpio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.11-r3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/cpio< 2.11-r3UNKNOWN

Related

nessus 34
openvas 24
freebsd 2
securityvulns 4
ubuntucve 3
fedora 2
redhat 1
debian 3
debiancve 3
cve 4
prion 3
mageia 3
oraclelinux 1
ibm 1
archlinux 2
centos 1
amazon 2
alpinelinux 1
ubuntu 2
thn 1
packetstorm 1
metasploit 1
zdt 1
securelist 1
redhatcve 2
attackerkb 1
rapid7blog 1
nessus
nessus
GLSA-201502-11 : GNU cpio: Multiple vulnerabilities
2015-02-16 00:00:00
Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)
2015-03-30 00:00:00
FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8)
2015-04-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201502-11
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2014-0528)
2022-01-28 00:00:00
RedHat Update for cpio RHSA-2015:2108-03
2015-11-20 00:00:00
freebsd
freebsd
cpio -- multiple vulnerabilities
2015-03-27 00:00:00
GNU cpio -- multiple vulnerabilities
2019-11-06 00:00:00
securityvulns
securityvulns
GNU cpio buffer overflow
2014-12-22 00:00:00
[ MDVSA-2014:250 ] cpio
2014-12-22 00:00:00
[ MDVSA-2015:066 ] cpio
2015-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2014-9112
2014-12-02 00:00:00
CVE-2015-1197
2015-02-19 00:00:00
CVE-2023-7207
2024-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: cpio-2.11-33.fc21
2014-12-18 06:06:28
[SECURITY] Fedora 20 Update: cpio-2.11-28.fc20
2015-01-06 06:09:24
redhat
redhat
(RHSA-2015:2108) Moderate: cpio security and bug fix update
2015-11-19 14:43:07
debian
debian
[SECURITY] [DSA 3111-1] cpio security update
2014-12-23 00:55:26
[SECURITY] [DLA 111-1] cpio security update
2014-12-15 14:18:40
[SECURITY] [DSA 3111-1] cpio security update
2014-12-23 00:55:26
debiancve
debiancve
CVE-2014-9112
2014-12-02 16:59:00
CVE-2015-1197
2015-02-19 15:59:00
CVE-2023-7207
2024-02-29 01:42:59
cve
cve
CVE-2014-9112
2014-12-02 16:59:00
CVE-2015-1197
2015-02-19 15:59:00
CVE-2017-7516
2018-01-29 19:29:00
prion
prion
Heap overflow
2014-12-02 16:59:00
Code injection
2015-02-19 15:59:00
Path traversal
2024-02-29 01:42:00
mageia
mageia
Updated cpio package fixes security vulnerability
2014-12-14 17:10:39
Updated cpio package fixes security vulnerability
2015-02-19 17:43:07
Updated cpio packages fix security vulnerabilities
2019-11-14 19:58:51
oraclelinux
oraclelinux
cpio security and bug fix update
2015-11-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112)
2018-06-18 01:30:30
archlinux
archlinux
cpio: heap buffer overflow
2015-01-14 00:00:00
cpio: directory traversal
2015-03-23 00:00:00
centos
centos
cpio security update
2015-11-30 19:26:10
amazon
amazon
Important: cpio
2024-02-29 10:03:00
Important: cpio
2024-02-28 23:54:00
alpinelinux
alpinelinux
CVE-2015-1197
2015-02-19 15:59:00
ubuntu
ubuntu
GNU cpio vulnerabilities
2015-01-08 00:00:00
GNU cpio vulnerabilities
2016-02-22 00:00:00
thn
thn
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
securelist
securelist
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
redhatcve
redhatcve
CVE-2023-7207
2024-02-29 08:04:56
CVE-2017-7516
2018-01-29 12:50:11
attackerkb
attackerkb
CVE-2022-41352
2022-09-26 00:00:00
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON
Related for GLSA-201502-11
nessus34openvas24freebsd2securityvulns4ubuntucve3fedora2redhat1debian3debiancve3cve4prion3mageia3oraclelinux1ibm1archlinux2centos1amazon2alpinelinux1ubuntu2thn1packetstorm1metasploit1zdt1securelist1redhatcve2attackerkb1rapid7blog1