Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-1999-1572
Last Modified 21 Aug 2010 12:02:40
Published 16 Jul 1996 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1572

Summary

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

  • FreeBSD 2.1.0

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux CS2.1

  • Mandrakesoft Mandrake Linux CS3.0

  • Red Hat Enterprise Linux 4.0

  • Red Hat Enterprise Linux Desktop 4.0

  • Ubuntu Linux 4.10


References

XF - cpio-o-archive-insecure-permissions(19167)

TRUSTIX - 2005-0003

REDHAT - RHSA-2005:080

REDHAT - RHSA-2005:073

MISC - http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391

DEBIAN - DSA-664

REDHAT - RHSA-2005:806

MANDRAKE - MDKSA-2005:032

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf

SECUNIA - 17532

SECUNIA - 17063

SECUNIA - 14357

BUGTRAQ - 20050204 [USN-75-1] cpio vulnerability


Last Updated: 27 May 2016 10:35:30