Directory Traversal Vulnerabilities in Pax Archives Software
CVE-2015-1193

Currently unrated

Key Information:

Vendor: Pax Project
Status: Pax
Vendor: CVE Published:; 21 January 2015

🔔 Create Pax Project Vulnerability Alert

What is CVE-2015-1193?

Multiple directory traversal vulnerabilities exist in Pax, which allow remote attackers to manipulate file paths in a way that enables them to write to arbitrary files on the affected system. Specifically, attackers can exploit this flaw by providing a full pathname or utilizing the '..' (dot dot) sequence within an archive, effectively gaining unauthorized access to sensitive files or overwriting existing files. It is crucial for users of Pax to apply available patches and take preventive measures to safeguard their systems against these potential attacks.

References

http://www.openwall.com/lists/oss-security/2015/01/18/3

mailing-listx_refsource_MLIST

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Jan 18, 2015