oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: cpio -- directory traversal

From: cve-assign () mitre org
Date: Sun, 18 Jan 2015 15:25:14 -0500 (EST)

On Fri, 16 Jan 2015, Alexander Cherepanov wrote:


Hi!

cpio is susceptible to a directory traversal vulnerability via symlinks.

Initial report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669

Upstream report:
https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

Some discussion:
http://www.openwall.com/lists/oss-security/2015/01/07/5
http://www.openwall.com/lists/oss-security/2015/01/08/4

Could CVE(s) please be assigned?

--
Alexander Cherepanov


Use CVE-2015-1197.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Previous By Date Next
Previous By Thread Next

Current thread: