| CNNVD-ID编号 | CNNVD-201911-244 |
| CVE编号 | CVE-2019-14866 |
| 发布时间 | 2019-11-06 |
| 更新时间 | 2021-02-04 |
| 漏洞类型 | 其他 |
| 漏洞来源 | N/A |
| 危险等级 | 高危 |
| 威胁类型 | 本地 |
| 厂 商 | N/A |
cpio是一款用于类UNIX系统的文件备份程序。
cpio 2.13之前版本中存在安全漏洞,该漏洞源于程序生成TAR归档文件时没有正确验证输入的文件。攻击者可利用该漏洞提升权限,入侵系统。
目前厂商已发布升级了cpio 安全漏洞的补丁,cpio 安全漏洞的补丁获取链接:
https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
来源:lists.gnu.org
链接:https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866
来源:lists.gnu.org
链接:https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html
来源:security-tracker.debian.org
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20193064-1.html
来源:usn.ubuntu.com
来源:www.vuxml.org
链接:http://www.vuxml.org/freebsd/f59af308-07f3-11ea-8c56-f8b156b6dcc8.html
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159553/Red-Hat-Security-Advisory-2020-4255-01.html
来源:nvd.nist.gov
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159393/Red-Hat-Security-Advisory-2020-3908-01.html
来源:www.auscert.org.au
来源:www.auscert.org.au
来源:www.ibm.com
来源:www.auscert.org.au
来源:www.ibm.com
来源:www.auscert.org.au
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159661/Red-Hat-Security-Advisory-2020-4264-01.html
来源:www.auscert.org.au
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155191/Ubuntu-Security-Notice-USN-4176-1.html
来源:www.auscert.org.au
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/cpio-file-creation-via-Restore-30787
暂无