Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Jan 2015 15:25:14 -0500 (EST)
From: cve-assign@...re.org
To: Alexander Cherepanov <ch3root@...nwall.com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE Request: cpio -- directory traversal


On Fri, 16 Jan 2015, Alexander Cherepanov wrote:

> Hi!
>
> cpio is susceptible to a directory traversal vulnerability via symlinks.
>
> Initial report:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
>
> Upstream report:
> https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
>
> Some discussion:
> http://www.openwall.com/lists/oss-security/2015/01/07/5
> http://www.openwall.com/lists/oss-security/2015/01/08/4
>
> Could CVE(s) please be assigned?
>
> -- 
> Alexander Cherepanov

Use CVE-2015-1197.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ