Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1111

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2005-1111
Last Modified 21 Aug 2010 12:27:38
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-1111

Summary

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

Vulnerable Systems

Application

  • Gnu Cpio 1.0

  • Gnu Cpio 1.1

  • Gnu Cpio 1.2

  • Gnu Cpio 1.3

  • Gnu Cpio 2.4-2

  • Gnu Cpio 2.5

  • Gnu Cpio 2.5.90

  • Gnu Cpio 2.6


References

BID - 13159

BUGTRAQ - 20050413 cpio TOCTOU file-permissions vulnerability

UBUNTU - USN-189-1

REDHAT - RHSA-2005:806

REDHAT - RHSA-2005:378

OSVDB - 15725

DEBIAN - DSA-846

SECUNIA - 20117

SECUNIA - 18395

SECUNIA - 18290

SECUNIA - 17532

SECUNIA - 17123

SECUNIA - 16998

SUSE - SUSE-SR:2006:010

SCO - SCOSA-2005.32

SCO - SCOSA-2006.2

FREEBSD - FreeBSD-SA-06:03


Last Updated: 27 May 2016 10:40:02