CVE-2015-1197 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	1.9 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
gnu	cpio	2.11

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cpio

bookworm	2.13+dfsg-7.1 fixed
bullseye	2.13+dfsg-7.1~deb11u1 fixed
sid	2.15+dfsg-2 fixed
squeeze	no-dsa
trixie	2.15+dfsg-2 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

cpio

lucid	ignored
precise	Fixed 2.11-7ubuntu3.2 released
trusty	Fixed 2.11+dfsg-1ubuntu1.2 released
utopic	ignored
vivid	ignored
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

cpio

suse enterprise desktop 15 SP4	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP5	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise desktop 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP4	2.13-150400.1.98 fixed
suse enterprise sap 15 SP5	2.13-150400.1.98 fixed
suse enterprise sap 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP4	2.13-150400.1.98 fixed
suse enterprise server 15 SP5	2.13-150400.1.98 fixed
suse enterprise server 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP7	2.13-150400.3.6.1 fixed

cpio-lang

suse enterprise desktop 15 SP4	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP5	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise desktop 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP4	2.13-150400.1.98 fixed
suse enterprise sap 15 SP5	2.13-150400.1.98 fixed
suse enterprise sap 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP4	2.13-150400.1.98 fixed
suse enterprise server 15 SP5	2.13-150400.1.98 fixed
suse enterprise server 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP7	2.13-150400.3.6.1 fixed

cpio-mt

suse enterprise desktop 15 SP4	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP5	2.13-150400.1.98 fixed
suse enterprise desktop 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise desktop 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP4	2.13-150400.1.98 fixed
suse enterprise sap 15 SP5	2.13-150400.1.98 fixed
suse enterprise sap 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise sap 15 SP7	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP4	2.13-150400.1.98 fixed
suse enterprise server 15 SP5	2.13-150400.1.98 fixed
suse enterprise server 15 SP6	2.13-150400.3.6.1 fixed
suse enterprise server 15 SP7	2.13-150400.3.6.1 fixed

Known Exploits!

References

http://advisories.mageia.org/MGASA-2015-0080.html

http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:066

http://www.openwall.com/lists/oss-security/2015/01/07/5

http://www.openwall.com/lists/oss-security/2015/01/18/7

http://www.openwall.com/lists/oss-security/2023/12/21/8

http://www.openwall.com/lists/oss-security/2023/12/27/1

http://www.securityfocus.com/bid/71914

http://www.ubuntu.com/usn/USN-2906-1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669

https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

http://advisories.mageia.org/MGASA-2015-0080.html

http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:066

http://www.openwall.com/lists/oss-security/2015/01/07/5

http://www.openwall.com/lists/oss-security/2015/01/18/7

http://www.openwall.com/lists/oss-security/2023/12/21/8

http://www.openwall.com/lists/oss-security/2023/12/27/1

http://www.securityfocus.com/bid/71914

http://www.ubuntu.com/usn/USN-2906-1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669

https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html