cpio’s handling of symbolic links in certain historical builds opened a deceptively simple attack vector: crafted RPM payloads that leverage symlinks to overwrite arbitrary files on extraction, a flaw tracked as CVE-2010-4226 and documented in multiple vulnerability databases and vendor...
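A pre-extraction check for the pattern described above, as an added example (not code from cpio, RPM, or any vendor advisory): it walks a cpio archive and reports entries that would be written through a symlink created earlier in the same archive. It goes slightly beyond the symlink case by also flagging absolute and `..` paths. It assumes the payload is already decompressed into the cpio "newc" (`070701`) format; the names `parse_newc`, `audit`, `entry` and `SAMPLE` are hypothetical.

```python
import posixpath
import stat

HDR_LEN = 110  # "070701" magic + 13 eight-digit hex fields (cpio newc layout)

def pad4(n):
    return (n + 3) & ~3  # name and file data are padded to 4-byte boundaries

def parse_newc(blob):
    """Yield (name, mode, data) for each entry up to the TRAILER!!! record."""
    off = 0
    while off + HDR_LEN <= len(blob):
        if blob[off:off + 6] != b"070701":
            raise ValueError("bad newc magic at offset %d" % off)
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name_at = off + HDR_LEN
        name = blob[name_at:name_at + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        data_at = pad4(name_at + namesize)
        yield name, mode, blob[data_at:data_at + filesize]
        off = pad4(data_at + filesize)

def audit(blob):
    """Return (name, reason) for entries an extractor must not write as-is."""
    links, findings = {}, []  # links: symlink path seen so far -> its target
    for name, mode, data in parse_newc(blob):
        parts = posixpath.normpath(name).split("/")
        prefixes = ["/".join(parts[:i + 1]) for i in range(len(parts))]
        hit = next((p for p in prefixes if p in links), None)  # symlinked prefix
        if parts[0] in ("", ".."):  # absolute path, or climbs above the root
            findings.append((name, "path leaves the extraction root"))
        elif hit is not None:  # resolves through an earlier symlink entry
            findings.append((name, f"via symlink {hit} -> {links[hit]}"))
        if stat.S_ISLNK(mode):  # a symlink's target is stored as its file data
            links[prefixes[-1]] = data.decode("utf-8", "replace")
    return findings

def entry(name, mode, data=b""):  # builds one record for the sample below
    n = name.encode() + b"\0"
    f = (0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0)
    rec = b"070701" + b"".join(b"%08X" % v for v in f) + n
    rec += b"\0" * (-len(rec) % 4) + data
    return rec + b"\0" * (-len(rec) % 4)

SAMPLE = (entry("./etc/app.conf", 0o100644, b"ok\n")  # constructed archive
          + entry("./cache", 0o120777, b"/tmp/outside")
          + entry("./cache/report.txt", 0o100644, b"constructed\n")
          + entry("TRAILER!!!", 0))
```

Running `audit(SAMPLE)` reports only `./cache/report.txt`; a build or packaging pipeline can refuse to extract any archive for which the list is non-empty.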