CVE-2010-4226

CVE-2010-4226

Name

CVE-2010-4226

Description

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2011-03/msg00008.html
Vendor Advisory	http://support.novell.com/security/cve/CVE-2010-4226.html
Vendor Advisory	https://bugzilla.novell.com/show_bug.cgi?id=665768

Type

URI

cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2011-03/msg00008.html

Vendor Advisory

http://support.novell.com/security/cve/CVE-2010-4226.html

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=665768

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:cpio::::::::`	cpio	== None	== None
`cpe:2.3:o:opensuse:opensuse:2007.05.10:::::::*`	opensuse	== None	== 2007.05.10
`cpe:2.3:o:opensuse:opensuse:2010.07.28:::::::*`	opensuse	== None	== 2010.07.28

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*

cpio

== None

cpe:2.3:o:opensuse:opensuse:2007.05.10:*:*:*:*:*:*:*

opensuse

== None

== 2007.05.10

cpe:2.3:o:opensuse:opensuse:2010.07.28:*:*:*:*:*:*:*

opensuse

== None

== 2010.07.28

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cpio	edge-community	2.15-r0	Stuart Cardall <developer@it-offshore.co.uk>	possibly vulnerable
cpio	3.22-community	2.15-r0	Stuart Cardall <developer@it-offshore.co.uk>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

cpio

edge-community

2.15-r0

Stuart Cardall <developer@it-offshore.co.uk>

possibly vulnerable

cpio

3.22-community

2.15-r0

Stuart Cardall <developer@it-offshore.co.uk>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages