Debian Security Advisory DSA 846-1 - Two vulnerabilities have been discovered in cpio, a program to manage archives of files.
c665205959ec8f3619720b2de74392a8140fdb744d012e6f45e8a52f82aa1760
Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking a user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)
6c020b860f3162b5c142afd08d7d2ed80874cb3d6613efa8875483bac869d12a
Gentoo Linux Security Advisory GLSA 200506-16 - A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Versions less than 2.6-r3 are affected.
56da6d591149beb5f762ec3683a0d848342609cabfac8f21e3af5fc1af076fea