6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
Alexander Cherepanov discovered that bsdcpio, an implementation of the
cpio program part of the libarchive project, is susceptible to a
directory traversal vulnerability via absolute paths.
For the stable distribution (wheezy), this problem has been fixed in
version 3.0.4-3+wheezy1.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.1.2-11.
For the unstable distribution (sid), this problem has been fixed in
version 3.1.2-11.
We recommend that you upgrade your libarchive packages.
CPE | Name | Operator | Version |
---|---|---|---|
libarchive | eq | 3.0.4-3+nmu1 |