PT-2015-5159 · Gnu+2 · Cpio+2

Alexander Cherepanov

Published

2015-02-19

Updated

2025-08-26

CVE-2015-1197

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions cpio version 2.11

Description The issue allows local users to write to arbitrary files via a symlink attack on a file in an archive when the --no-absolute-filenames option is used.

Recommendations For cpio version 2.11, avoid using the --no-absolute-filenames option until a patch is available. As a temporary workaround, consider restricting access to archives that may contain symlinks to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-2097

CVE-2015-1197

MGASA-2019-0326

OESA-2023-1300

OESA-2023-1336

OESA-2023-1337

OESA-2023-1338

OPENSUSE-SU-2024:10697-1

USN-2906-1

Affected Products

Alt Linux

Ubuntu

Cpio

PT-2015-5159 · Gnu+2 · Cpio+2

CVE-2015-1197

Related Identifiers

Affected Products

References · 53