CVE-2015-1197

Published: 19/02/2015 Updated: 27/12/2023
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 230
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

Vulnerable Product

gnu cpio 2.11

Vendor Advisories

Several security issues were fixed in GNU cpio ...
Debian Bug report logs - #1059163 cpio: Path traversal vulnerability. Package: cpio; Maintainer for cpio is Anibal Monsalve Salazar <anibal@debian.org>; Source for cpio is src:cpio. Reported by: Ingo Brückl <ib@oddnet.de> Date: Wed, 20 Dec 2023 19:03:02 UTC Severity: grave Tags: security Found ...
Debian Bug report logs - #774669 cpio: CVE-2015-1197: directory traversal. Package: cpio; Maintainer for cpio is Anibal Monsalve Salazar <anibal@debian.org>; Source for cpio is src:cpio. Reported by: Alexander Cherepanov <cherepan@mccme.ru> Date: Mon, 5 Jan 2015 21:54:01 UTC Severity: normal Tag ...
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197) ...

Exploits

This Metasploit module creates a tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary loca ...

Mailing Lists

oss-sec mailing list archives: xarchiver: Path traversal with crafted cpio archives. From: Ingo Brückl ...
oss-sec mailing list archives: Security vulnerability in Debian's cpio 2.13. From: Ingo Brückl <ib ...

Metasploit Modules

TAR Path Traversal in Zimbra (CVE-2022-41352)

This module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it.

This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running versions:

* Zimbra Collaboration Suite 9.0.0 Patch 26 (and earlier)
* Zimbra Collaboration Suite 8.8.15 Patch 33 (and earlier)

The patch simply makes "pax" a prerequisite.

msf > use exploit/linux/http/zimbra_cpio_cve_2022_41352
msf exploit(zimbra_cpio_cve_2022_41352) > show targets
    ...targets...
msf exploit(zimbra_cpio_cve_2022_41352) > set TARGET <target-id>
msf exploit(zimbra_cpio_cve_2022_41352) > show options
    ...show and set options...
msf exploit(zimbra_cpio_cve_2022_41352) > exploit

Recent Articles

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
Securelist • GReAT • 13 Oct 2022

Overview: On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch and shared its installation steps. In addition, manual mitigation steps can be undertaken by system administrators to prevent succes...