Vulnerability Details CVE-2010-4226
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2011-03/msg00008.html
- http://support.novell.com/security/cve/CVE-2010-4226.html
- https://bugzilla.novell.com/show_bug.cgi?id=665768
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2011-03/msg00008.html
- http://support.novell.com/security/cve/CVE-2010-4226.html
- https://bugzilla.novell.com/show_bug.cgi?id=665768
Products affected by CVE-2010-4226
-
cpe:2.3:a:gnu:cpio:-
-
cpe:2.3:a:gnu:cpio:1.0
-
cpe:2.3:a:gnu:cpio:1.1
-
cpe:2.3:a:gnu:cpio:1.2
-
cpe:2.3:a:gnu:cpio:1.3
-
cpe:2.3:a:gnu:cpio:2.10
-
cpe:2.3:a:gnu:cpio:2.11
-
cpe:2.3:a:gnu:cpio:2.12
-
cpe:2.3:a:gnu:cpio:2.13
-
cpe:2.3:a:gnu:cpio:2.4-2
-
cpe:2.3:a:gnu:cpio:2.5
-
cpe:2.3:a:gnu:cpio:2.5.90
-
cpe:2.3:a:gnu:cpio:2.6
-
cpe:2.3:a:gnu:cpio:2.7
-
cpe:2.3:a:gnu:cpio:2.8
-
cpe:2.3:a:gnu:cpio:2.9
-
cpe:2.3:o:opensuse:opensuse:2007.05.10
-
cpe:2.3:o:opensuse:opensuse:2010.07.28