Vulnerability Name: CVE-2010-4226 (CCN-95705)

Assigned: 2010-11-10
Published: 2010-11-10
Updated: 2014-02-07
Summary: cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
CVSS v3 Severity: 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-59
Vulnerability Consequences: File Manipulation
References:

Source: MITRE
Type: CNA
CVE-2010-4226

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:005

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2011:0174

Source: CONFIRM
Type: Vendor Advisory
http://support.novell.com/security/cve/CVE-2010-4226.html

Source: CCN
Type: GNU Web site
cpio

Source: CONFIRM
Type: Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=665768

Source: XF
Type: UNKNOWN
cpio-cve2014226-symlink(95705)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:cpio:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:2007.05.10:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:2010.07.28:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20104226 | V | CVE-2010-4226 | 2023-06-22
oval:org.opensuse.security:def:1802 | P | Security update for pidgin (Important) | 2022-05-16
oval:org.opensuse.security:def:1334 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (Important) | 2022-05-09
oval:org.opensuse.security:def:882 | P | Security update for giflib (Moderate) | 2022-05-06
oval:org.opensuse.security:def:1757 | P | Security update for samba (Critical) | 2022-02-08
oval:org.opensuse.security:def:112030 | P | build-20210902-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:10231 | P | Security update for libsndfile (Important) | 2022-01-11
oval:org.opensuse.security:def:10437 | P | Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important) (in QA) | 2022-01-03
oval:org.opensuse.security:def:11164 | P | Security update for postrsd (Moderate) | 2021-12-30
oval:org.opensuse.security:def:837 | P | Security update for xorg-x11-server (Important) | 2021-12-21
oval:org.opensuse.security:def:1289 | P | Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:64626 | P | Security update for aaa_base (Moderate) | 2021-12-03
oval:org.opensuse.security:def:10362 | P | Security update for MozillaFirefox (Important) | 2021-11-10
oval:org.opensuse.security:def:10167 | P | Security update for busybox (Important) | 2021-10-27
oval:org.opensuse.security:def:105586 | P | build-20210902-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:10343 | P | Security update for ffmpeg (Important) | 2021-09-23
oval:org.opensuse.security:def:71213 | P | jq-1.5-1.27 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71326 | P | libunbound2-1.6.8-8.3 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:10142 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24
oval:org.opensuse.security:def:10328 | P | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | 2021-08-23
oval:org.opensuse.security:def:48059 | P | krb5-1.12.5-40.37.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47911 | P | unzip-6.00-33.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47819 | P | libz1-1.2.11-1.27 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47687 | P | libXvMC1-1.0.8-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47494 | P | rsync-3.1.0-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47373 | P | liblzo2-2-2.08-1.13 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47359 | P | libjansson4-2.7-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48318 | P | sysstat-12.0.2-10.24.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48104 | P | libdjvulibre21-3.5.25.3-5.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47956 | P | audiofile-0.3.6-11.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47358 | P | libipa_hbac0-1.13.4-33.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47864 | P | python-cupshelpers-1.5.7-7.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47732 | P | libksba8-1.3.0-23.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47539 | P | yast2-3.2.36-1.11 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47418 | P | libtcnative-1-0-1.1.34-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47404 | P | libraptor2-0-2.0.10-3.63 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47403 | P | libquicktime0-1.2.4-10.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48357 | P | zsh-5.0.5-6.7.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48273 | P | policycoreutils-2.5-10.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:64539 | P | Security update for arpwatch (Important) | 2021-06-28
oval:org.opensuse.security:def:10281 | P | Security update for squid (Important) | 2021-06-11
oval:org.opensuse.security:def:48560 | P | libtiff5-4.0.6-26.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48529 | P | libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48464 | P | libXcursor1-1.1.14-3.59 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17051 | P | gcc48-gij-32bit-4.8.5-24.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48402 | P | dhcp-4.3.3-9.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:62846 | P | build-20180329-1.10 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36380 | P | build-2011.10.10-0.7.10 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:124410 | P | build-20171128-9.3.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17266 | P | libnewt0_52-0.52.16-1.83 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17235 | P | gegl-0_2-0.2.0-14.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17178 | P | lhasa-0.2.0-5.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17093 | P | NetworkManager-1.0.12-8.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:16404 | P | build-20171128-9.3.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17059 | P | kernel-default-extra-3.12.49-11.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48586 | P | opie-2.4-724.56 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:72565 | P | build-20180329-1.10 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48515 | P | liblcms1-1.19-17.28 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48484 | P | libblkid1-2.28-40.28 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48419 | P | ft2demos-2.6.3-7.8.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48631 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:10067 | P | Security update for samba (Important) | 2021-04-29
oval:org.opensuse.security:def:67973 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important) | 2021-04-28
oval:org.opensuse.security:def:10235 | P | Security update for fwupdate (Important) | 2021-04-08
oval:org.opensuse.security:def:26214 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:11186 | P | Security update for froxlor (Moderate) | 2021-03-19
oval:org.opensuse.security:def:10218 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:10213 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:10209 | P | Security update for python-Jinja2 (Important) | 2021-02-26
oval:org.opensuse.security:def:10205 | P | Security update for php7 (Important) | 2021-02-24
oval:org.opensuse.security:def:26133 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:10033 | P | Security update for openssh (Moderate) | 2020-12-18
oval:org.opensuse.security:def:103625 | P | build-20190128-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3864 | P | build-20190128-9.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17302 | P | ImageMagick-6.8.8.1-71.126.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17333 | P | lhasa-0.2.0-5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62891 | P | build-20190128-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:89970 | P | build-20190128-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17375 | P | libyaml-cpp0_5-0.5.3-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:16700 | P | build-20190128-9.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17341 | P | libgadu3-1.11.4-1.12 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72610 | P | build-20190128-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:9940 | P | libyaml-0-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9918 | P | libsoup-2_4-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18481 | P | Fixing security issues on OBS toolchain (Important) | 2020-12-01
oval:org.opensuse.security:def:10462 | P | libHX-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17535 | P | Security update for postgresql93 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17513 | P | Security update for flac (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17501 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:10891 | P | build on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26705 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26661 | P | OpenEXR on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49730 | P | build on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26647 | P | w3m on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67873 | P | gdk-pixbuf-query-loaders-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25929 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17444 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:18173 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:17412 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important) | 2020-12-01
oval:org.opensuse.security:def:17817 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:17795 | P | Security update for xerces-c (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17783 | P | Security update for gimp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26608 | P | libxml2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49676 | P | libmad-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26559 | P | gpg2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27343 | P | curl-openssl1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26506 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26355 | P | Security update for erlang (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49775 | P | build on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26271 | P | Security update for openconnect (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9910 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17726 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:18455 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:17694 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:26005 | P | Security update for libcdio (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17584 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25941 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:17548 | P | Security update for libarchive (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18199 | P | Fixing security issues on OBS toolchain (Important) | 2020-12-01
oval:org.opensuse.security:def:17517 | P | Security update for php5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49721 | P | wavpack on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:17460 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:10869 | P | DirectFB-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10526 | P | libotr-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10513 | P | libjson-c-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25930 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:10048 | P | dbus-1-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10504 | P | libicu-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27378 | P | build on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:9986 | P | rsyslog on GA media (Moderate) | 2020-12-01
    gnu cpio *
    opensuse opensuse 2007.05.10
    opensuse opensuse 2010.07.28