MEDIUM4.3
Уязвимость утилиты архивирования Сpio, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PСсылки
Серьёзность:
Закрытые проблемы (4)
MEDIUM5.0
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://seclists.org/fulldisclosure/2014/Nov/74
- http://secunia.com/advisories/60167
- http://secunia.com/advisories/62145
- http://www.debian.org/security/2014/dsa-3111
- http://www.openwall.com/lists/oss-security/2014/11/23/2
- http://www.openwall.com/lists/oss-security/2014/11/25/2
- http://www.openwall.com/lists/oss-security/2014/11/26/20
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/71248
- http://www.ubuntu.com/usn/USN-2456-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98918
- https://savannah.gnu.org/bugs/?43709
- http://seclists.org/fulldisclosure/2014/Nov/74
- http://secunia.com/advisories/60167
- http://secunia.com/advisories/62145
- http://www.debian.org/security/2014/dsa-3111
- http://www.openwall.com/lists/oss-security/2014/11/23/2
- http://www.openwall.com/lists/oss-security/2014/11/25/2
- http://www.openwall.com/lists/oss-security/2014/11/26/20
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/71248
- http://www.ubuntu.com/usn/USN-2456-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98918
- https://savannah.gnu.org/bugs/?43709
LOW1.9
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:NСсылки
- http://advisories.mageia.org/MGASA-2015-0080.html
- http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:066
- http://www.openwall.com/lists/oss-security/2015/01/07/5
- http://www.openwall.com/lists/oss-security/2015/01/18/7
- http://www.openwall.com/lists/oss-security/2023/12/21/8
- http://www.openwall.com/lists/oss-security/2023/12/27/1
- http://www.securityfocus.com/bid/71914
- http://www.ubuntu.com/usn/USN-2906-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
- https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
- http://advisories.mageia.org/MGASA-2015-0080.html
- http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:066
- http://www.openwall.com/lists/oss-security/2015/01/07/5
- http://www.openwall.com/lists/oss-security/2015/01/18/7
- http://www.openwall.com/lists/oss-security/2023/12/21/8
- http://www.openwall.com/lists/oss-security/2023/12/27/1
- http://www.securityfocus.com/bid/71914
- http://www.ubuntu.com/usn/USN-2906-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
- https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
MEDIUM6.5
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HСсылки
- http://www.debian.org/security/2016/dsa-3483
- http://www.openwall.com/lists/oss-security/2016/01/19/4
- http://www.openwall.com/lists/oss-security/2016/01/22/4
- http://www.securityfocus.com/bid/82293
- http://www.securitytracker.com/id/1035067
- http://www.ubuntu.com/usn/USN-2906-1
- http://www.debian.org/security/2016/dsa-3483
- http://www.openwall.com/lists/oss-security/2016/01/19/4
- http://www.openwall.com/lists/oss-security/2016/01/22/4
- http://www.securityfocus.com/bid/82293
- http://www.securitytracker.com/id/1035067
- http://www.ubuntu.com/usn/USN-2906-1