cve 2010 4226
About this tag
CVE-2010-4226 is a vulnerability in cpio, a Unix archiving tool historically used by RPM to process package payloads. The flaw allows symlink attacks: a crafted RPM can contain symbolic links that, when extracted by cpio, overwrite arbitrary files on the system. This can lead to privilege escalation by targeting sensitive files such as /etc/passwd or /root/.ssh/authorized_keys. The issue is documented in multiple vulnerability databases and vendor advisories. Discussions on WindowsForum.com cover the technical background, attack vectors, and mitigation strategies for this vulnerability, which primarily affects Linux systems using RPM-based package management.
cpio’s handling of symbolic links in certain historical builds opened a deceptively simple attack vector: crafted RPM payloads that leverage symlinks to overwrite arbitrary files on extraction, a flaw tracked as CVE-2010-4226 and documented in multiple vulnerability databases and vendor...