CVE-2005-1111

Severity

37%

Complexity

19%

Confidentiality

106%

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

CVSS 2.0 Base Score 3.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

GNU cpio

First reported 20 years ago

2005-05-02 04:00:00

Last updated 7 years ago

2017-10-11 01:30:00

Affected Software

GNU cpio 1.0

1.0

GNU cpio 1.1

1.1

GNU cpio 1.2

1.2

GNU cpio 1.3

1.3

GNU cpio 2.4.2

2.4-2

GNU cpio 2.5

2.5

GNU cpio 2.5.90

2.5.90

GNU cpio 2.6

2.6

References

FreeBSD-SA-06:03

SCOSA-2006.2

SCOSA-2005.32

SUSE-SR:2006:010

20050413 cpio TOCTOU file-permissions vulnerability

16998

17123

17532

18290

18395

20117

DSA-846

15725

RHSA-2005:378

RHSA-2005:806

13159

USN-189-1

oval:org.mitre.oval:def:358

oval:org.mitre.oval:def:9783

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.