Info

Disclosure

Apr 20, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

cpio contains a flaw that may allow a malicious user to modify permissions of arbitrary files. The issue is triggered via a hard link attack on a file while it is being decompressed. It is possible that the flaw may allow arbitrary file permission modification resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

GNU	cpio	1.0
		1.1
		1.2
		1.3
		2.4.2
		2.5
		2.5.90
		2.6

References

Security Tracker: 1014547
Bugtraq ID: 13159
Secunia Advisory ID: 15751 15820 16437 16495 16737 16998 17123 17532 18290 18395 20117
CVE ID: 2005-1111 (see also: NVD)
ISS X-Force ID: 20204
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:116
http://support.avaya.com/elmodocs2/security/ASA-2005-191.pdf
Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt ftp://patches.sgi.com/support/free/security/advisories/20050802-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://security.gentoo.org/glsa/glsa-200506-16.xml
http://www.debian.org/security/2005/dsa-846
http://www.trustix.org/errata/2005/0029/
http://www.ubuntu.com/usn/usn-189-1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0178.html
Vendor URL: http://www.gnu.org/software/cpio/
RedHat RHSA: RHSA-2005:806

Credit

Imran Ghory - imranghorygmail.com -

Direct URL: http://osvdb.org/15725

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

GNU

cpio

References

Credit