Vulnerability Name:

CVE-2015-0552 (CCN-99663)

Assigned: 2015-01-05
Published: 2015-01-05
Updated: 2018-10-30
Summary: Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via a crafted path in a CAB file, as demonstrated by "\tmp\moo."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2015-0552

Source: CCN
Type: gcab Web site
GNOME: The Free Software Desktop Project

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0043

Source: CCN
Type: oss-security Mailing List, Mon, 5 Jan 2015 11:27:51 -0500 (EST)
Re: CVE Request: gcab: directory traversal

Source: SECUNIA
Type: UNKNOWN
62310

Source: MLIST
Type: UNKNOWN
[oss-security] 20150105 Re: CVE Request: gcab: directory traversal

Source: CCN
Type: BID-71867
gcab 'gcab-folder.c' Local Directory Traversal Vulnerability

Source: CONFIRM
Type: Exploit
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.gnome.org/show_bug.cgi?id=742331

Source: XF
Type: UNKNOWN
gcab-cve20150552-dir-traversal(99663)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0552

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gnome:gcab:0.4:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20150552 | V | CVE-2015-0552 | 2023-06-22 |
| oval:org.opensuse.security:def:7890 | P | gcab-1.1-1.15 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:7458 | P | c-ares-devel-1.19.0-150000.3.20.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:7480 | P | dbus-1-glib-0.108-1.29 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:626 | P | Security update for kubernetes1.18 (Moderate) (in QA) | 2022-09-27 |
| oval:org.opensuse.security:def:737 | P | Security update for ImageMagick (Moderate) | 2022-09-06 |
| oval:org.opensuse.security:def:3272 | P | libunwind-1.1-11.3.1 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:3175 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:3595 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:94902 | P | gcab-1.1-1.15 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:1073 | P | Security update for tiff (Important) | 2022-05-30 |
| oval:org.opensuse.security:def:1185 | P | Security update for dpkg (Low) (in QA) | 2022-05-27 |
| oval:org.opensuse.security:def:1318 | P | Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (Important) | 2022-04-24 |
| oval:org.opensuse.security:def:1657 | P | Security update for subversion (Important) | 2022-04-12 |
| oval:org.opensuse.security:def:100725 | P | (Important) | 2022-03-30 |
| oval:org.opensuse.security:def:1541 | P | Security update for MozillaThunderbird (Important) | 2022-03-21 |
| oval:org.opensuse.security:def:962 | P | Security update for vim (Important) | 2022-03-04 |
| oval:org.opensuse.security:def:1429 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Critical) | 2022-02-17 |
| oval:org.opensuse.security:def:112270 | P | gcab-0.7-1.5 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:8800 | P | Security update for libvirt (Important) (in QA) | 2021-12-30 |
| oval:org.opensuse.security:def:105796 | P | Security update for libvirt (Important) (in QA) | 2021-12-30 |
| oval:org.opensuse.security:def:69943 | P | Security update for dnsmasq (Moderate) | 2021-10-27 |
| oval:org.opensuse.security:def:8658 | P | Security update for curl (Moderate) | 2021-10-06 |
| oval:org.opensuse.security:def:71224 | P | libICE-devel-1.0.9-1.25 on GA media (Moderate) | 2021-09-21 |
| oval:org.opensuse.security:def:37538 | P | Security update for openssl1 (Low) | 2021-09-18 |
| oval:org.opensuse.security:def:8639 | P | Security update for openexr (Important) | 2021-08-20 |
| oval:org.opensuse.security:def:8822 | P | Security update for fetchmail (Moderate) | 2021-08-20 |
| oval:org.opensuse.security:def:47162 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47258 | P | fuse-2.9.3-5.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47848 | P | perl-Archive-Zip-1.34-3.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14994 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48304 | P | screen-4.0.4-23.3.3 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47587 | P | curl-7.60.0-2.11 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48257 | P | pam_ssh-2.0-1.39 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47608 | P | file-5.22-10.6.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48208 | P | libtirpc-netconfig-1.0.1-17.13.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47273 | P | gpgme-1.5.1-1.11 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47959 | P | automake-1.13.4-6.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47283 | P | gv-3.7.4-1.36 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48062 | P | lftp-4.7.4-3.6.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47719 | P | libicu-doc-52.1-8.7.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48319 | P | systemtap-3.0-20.11 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48114 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47148 | P | rsyslog-8.4.0-14.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47700 | P | libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48273 | P | policycoreutils-2.5-10.3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47394 | P | libpng15-15-1.5.22-9.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48173 | P | libpng15-15-1.5.22-9.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47147 | P | rsync-3.1.0-12.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47476 | P | procmail-3.22-267.12 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:48146 | P | liblzo2-2-2.08-1.13 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47259 | P | gd-2.1.0-23.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:47811 | P | libwireshark9-2.4.9-48.29.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:72465 | P | gcab-1.1-1.15 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:62746 | P | gcab-1.1-1.15 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:101152 | P | gcab-1.1-1.15 on GA media (Moderate) | 2021-08-09 |
| oval:org.opensuse.security:def:8624 | P | Security update for dbus-1 (Important) | 2021-07-27 |
| oval:org.opensuse.security:def:8791 | P | Security update for wireshark (Important) | 2021-06-22 |
| oval:org.opensuse.security:def:67771 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 15) (Important) | 2021-06-18 |
| oval:org.opensuse.security:def:64524 | P | Security update for ucode-intel (Important) | 2021-06-10 |
| oval:org.opensuse.security:def:71111 | P | tcpdump-4.9.2-1.31 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48415 | P | fetchmail-6.3.26-12.3 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48375 | P | automake-1.13.4-6.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48486 | P | libdcerpc-atsvc0-4.2.4-26.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:48384 | P | clamav-0.99.2-25.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:37499 | P | Security update for curl (Moderate) | 2021-05-26 |
| oval:org.opensuse.security:def:8758 | P | Security update for lz4 (Important) | 2021-05-19 |
| oval:org.opensuse.security:def:9482 | P | Security update for MozillaFirefox (Important) | 2021-04-01 |
| oval:org.opensuse.security:def:8733 | P | Security update for OpenIPMI (Moderate) | 2021-04-01 |
| oval:org.opensuse.security:def:94012 | P | (Low) | 2021-03-29 |
| oval:org.opensuse.security:def:6731 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 15) (Important) | 2021-03-17 |
| oval:org.opensuse.security:def:9460 | P | Security update for bind (Important) | 2021-03-02 |
| oval:org.opensuse.security:def:49460 | P | Security update for php74 (Important) | 2021-02-19 |
| oval:org.opensuse.security:def:8809 | P | Security update for MozillaFirefox (Important) | 2021-01-29 |
| oval:org.opensuse.security:def:8577 | P | Security update for ImageMagick (Moderate) | 2021-01-18 |
| oval:org.opensuse.security:def:8531 | P | Security update for openssl-1_1 (Important) | 2020-12-09 |
| oval:org.opensuse.security:def:66692 | P | Security update for the Linux Kernel (Important) | 2020-12-08 |
| oval:org.opensuse.security:def:89868 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:72349 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62518 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:103523 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:116949 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62630 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:72126 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:107391 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:72237 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:12988 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:62407 | P | gcab-1.1-1.15 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:6575 | P | ctags on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6756 | P | libsndfile1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38248 | P | libXRes1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:67871 | P | gcab on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36847 | P | gpg2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:64437 | P | Security update for xorg-x11-server (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:6507 | P | shim on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37391 | P | bind on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6656 | P | libQt5Concurrent5 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37610 | P | libxerces-c-3_1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6807 | P | patch on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49626 | P | gcab on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49349 | P | unzip on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36752 | P | squashfs on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73265 | P | nfs-client on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6499 | P | rhythmbox on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37141 | P | gzip on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:70048 | P | gcab on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6622 | P | groff on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38290 | P | libgcab-1_0-0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6789 | P | libzzip-0-13 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:66600 | P | ppc64-diag on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8509 | P | qemu on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36751 | P | socat on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36983 | P | pam on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:73383 | P | gcab on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6529 | P | wireshark on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37450 | P | groff on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:8501 | P | procmail on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6820 | P | puppet on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49403 | P | gcab on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:36763 | P | tigervnc on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37231 | P | libnm-glib-vpn1 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6637 | P | hyper-v on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37566 | P | libpcre1-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:6798 | P | opensc on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49572 | P | libpotrace0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:37084 | P | colord-gtk-lang on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:49514 | P | gcab on GA media (Moderate) | 2020-12-01 |

    gnome gcab 0.4
    opensuse opensuse 13.1
    opensuse opensuse 13.2