Showing 1 - 1 of 1

CVE-2023-52138

Status Candidate

Overview

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.

Related Files

Debian Security Advisory 5625-1: Posted Feb 19, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5625-1 - It was discovered that Engrampa, an archive manager for the MATE desktop environment was susceptible to path traversal when handling CPIO archives.; tags | advisory; systems | linux, debian; advisories | CVE-2023-52138; SHA-256 | 9a1c7ac8fc318436774871b923098a3518f8bb8e1317c906db1ea7b583840645; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 70 files
indoushka 69 files
Debian 22 files
LiquidWorm 20 files
Google Security Research 8 files
Gentoo 7 files
malvuln 6 files
Emiliano Febbi 4 files
Seth Jenkins 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-52138

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems