CVE-2005-1111
CVSS3.7
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:17:19
NMCOPS    

[原文]Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.


[CNNVD]CPIO CHMod文件权限修改竞态条件漏洞(CNNVD-200505-294)

        cpio 2.6以及较早版本中的竞争状况,本地用户可以通过对正在解压缩的文件实施硬链接攻击来修改任意文件的权限,但其文件的权限可以在解压缩完成后由cpio修改。

- CVSS (基础分值)

CVSS分值: 3.7 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:gnu:cpio:1.1GNU cpio 1.1
cpe:/a:gnu:cpio:1.3GNU cpio 1.3
cpe:/a:gnu:cpio:1.0GNU cpio 1.0
cpe:/a:gnu:cpio:2.4-2GNU cpio 2.4.2
cpe:/a:gnu:cpio:2.5.90GNU cpio 2.5.90
cpe:/a:gnu:cpio:2.5GNU cpio 2.5
cpe:/a:gnu:cpio:1.2GNU cpio 1.2
cpe:/a:gnu:cpio:2.6GNU cpio 2.6

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9783Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it...
oval:org.mitre.oval:def:358cpio Race Condition
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1111
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-294
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-06:03
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
(UNKNOWN)  SCO  SCOSA-2006.2
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
(UNKNOWN)  SCO  SCOSA-2005.32
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
(UNKNOWN)  SUSE  SUSE-SR:2006:010
http://marc.info/?l=bugtraq&m=111342664116120&w=2
(UNKNOWN)  BUGTRAQ  20050413 cpio TOCTOU file-permissions vulnerability
http://www.debian.org/security/2005/dsa-846
(UNKNOWN)  DEBIAN  DSA-846
http://www.redhat.com/support/errata/RHSA-2005-378.html
(UNKNOWN)  REDHAT  RHSA-2005:378
http://www.redhat.com/support/errata/RHSA-2005-806.html
(UNKNOWN)  REDHAT  RHSA-2005:806
http://www.securityfocus.com/bid/13159
(UNKNOWN)  BID  13159
http://www.ubuntu.com/usn/usn-189-1
(UNKNOWN)  UBUNTU  USN-189-1

- 漏洞信息

CPIO CHMod文件权限修改竞态条件漏洞
低危 竞争条件
2005-05-02 00:00:00 2005-10-20 00:00:00
本地  
        cpio 2.6以及较早版本中的竞争状况,本地用户可以通过对正在解压缩的文件实施硬链接攻击来修改任意文件的权限,但其文件的权限可以在解压缩完成后由cpio修改。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40512)

Debian Linux Security Advisory 846-1 (PacketStormID:F40512)
2005-10-08 00:00:00
Debian  security.debian.org
advisory,vulnerability
linux,debian
CVE-2005-1111,CVE-2005-1229
[点击下载]

Debian Security Advisory DSA 846-1 - Two vulnerabilities have been discovered in cpio, a program to manage archives of files.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 846-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 7th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cpio
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-1111 CAN-2005-1229
Debian Bug     : 306693 305372

Two vulnerabilities have been discovered in cpio, a program to manage
archives of files.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-1111

    Imran Ghory discovered a race condition in setting the file
    permissions of files extracted from cpio archives.  A local
    attacker with write access to the target directory could exploit
    this to alter the permissions of arbitrary files the extracting
    user has write permissions for.

CAN-2005-1229

    Imran Ghory discovered that cpio does not sanitise the path of
    extracted files even if the --no-absolute-filenames option was
    specified.  This can be exploited to install files in arbitrary
    locations where the extracting user has write permissions to.

For the old stable distribution (woody) these problems have been fixed in
version 2.4.2-39woody2.

For the stable distribution (sarge) these problems have been fixed in
version 2.5-1.3.

For the unstable distribution (sid) these problems have been fixed in
version 2.6-6.

We recommend that you upgrade your cpio package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2.dsc
      Size/MD5 checksum:      549 15ede7cbecf63993116b4e6a6565a52a
    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2.diff.gz
      Size/MD5 checksum:    23977 58175edde016c3ddb92804479697288f
    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2.orig.tar.gz
      Size/MD5 checksum:   181728 3e976db71229d52a8a135540698052df

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_alpha.deb
      Size/MD5 checksum:    72916 8a3c436670b93fe9d6c0d7b9c6620826

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_arm.deb
      Size/MD5 checksum:    64050 96781e9c208d4629c9bad9fd489a6752

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_i386.deb
      Size/MD5 checksum:    61704 c4fd8a026047cd14a9516224d8319e13

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_ia64.deb
      Size/MD5 checksum:    84576 5d9d925c312a5a9f141949c134fd23d3

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_hppa.deb
      Size/MD5 checksum:    69922 219bd8e8d9de88975eca8c8df4e9ddd9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_m68k.deb
      Size/MD5 checksum:    59998 b4ef64480db82238635e1c7f5b851eee

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_mips.deb
      Size/MD5 checksum:    69160 a3f333c7b10c4f06a37de29de89844c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_mipsel.deb
      Size/MD5 checksum:    68852 d704acf1b5d5c82ab024f6d45eab5686

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_powerpc.deb
      Size/MD5 checksum:    64284 4227c627aa48dc40cacdde9cb866322a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_s390.deb
      Size/MD5 checksum:    64190 975304691e816ea35e5b1a1edbaca8fc

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_sparc.deb
      Size/MD5 checksum:    65916 e9fcc403a99fa3c930c9a7ede7daeef4


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3.dsc
      Size/MD5 checksum:      533 ab5695c02739c74d12ceb5ccf15a2f9e
    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3.diff.gz
      Size/MD5 checksum:    26981 658f6330c2e56576251755f21291a22a
    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5 checksum:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_alpha.deb
      Size/MD5 checksum:    75340 e5f2db24ac4a7fa37e03299092e04869

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_amd64.deb
      Size/MD5 checksum:    68580 e04afdcd5c4cd7d4ae7b9314c91f2003

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_arm.deb
      Size/MD5 checksum:    65356 599f5449dcd3c6774becab5db930c1eb

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_i386.deb
      Size/MD5 checksum:    64862 0af18766ab51b22276fe1458e19e6dfa

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_ia64.deb
      Size/MD5 checksum:    85968 ec853bd84c3c86a86edd1eaab3daaed9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_hppa.deb
      Size/MD5 checksum:    70918 7d189eac1083bf7171a3378e076bd41d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_m68k.deb
      Size/MD5 checksum:    61566 5a1b92f6d84b61108c382f282541d4fd

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_mips.deb
      Size/MD5 checksum:    73286 3e159d225f6ed5683206ee891e73e411

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_mipsel.deb
      Size/MD5 checksum:    72982 593e2f05e139ff23ba448289dde24085

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_powerpc.deb
      Size/MD5 checksum:    67680 4fd0a44a984aa4dba6bde7144289fc82

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_s390.deb
      Size/MD5 checksum:    68708 6ecc6f8ad9a1f5fd56eeea4fe421ef39

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_sparc.deb
      Size/MD5 checksum:    64812 04cec657cd5681d4ab8c8e27f70d1653


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRpmCW5ql+IAeqTIRAtJjAJ94khV46v1zUOprLrbJc2Easen2DgCgr5VR
1iHrHampcGZM5I7I7Wcn4G4=
=3252
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F40375)

usn-189-1.txt (PacketStormID:F40375)
2005-10-04 00:00:00
Martin Pitt  security.ubuntu.com
advisory,arbitrary,local
linux,ubuntu
CVE-2005-1111,CVE-2005-1229
[点击下载]

Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)

--tqI+Z3u+9OQ7kwn0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-189-1	 September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cpio

The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.2 (for Ubuntu 4.10), or 2.5-1.1ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user. (CAN-2005-1111)

Imran Ghory discovered a path traversal vulnerability. Even when the
--no-absolute-filenames option was specified, cpio did not filter out
".." path components. By tricking an user into unpacking a malicious
cpio archive, this could be exploited to install files in arbitrary
paths with the privileges of the user calling cpio. (CAN-2005-1229)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.diff.gz
      Size/MD5:    27421 3800b28741820b67d89b8be0ca1b4c3a
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.dsc
      Size/MD5:      551 536a242096b46cbac9caf1e034e89f88
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_amd64.deb
      Size/MD5:    68648 777b4ff7fa18697307311f3f306a61dd

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_i386.deb
      Size/MD5:    64158 6c8ee133865b826e666fe035eba229c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_powerpc.deb
      Size/MD5:    67678 a52efbe49389c50a4c6abed05dd79e95

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.diff.gz
      Size/MD5:    27418 0fb7a011377dd62652cacc4366d44baf
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.dsc
      Size/MD5:      551 d78ae16b8c3bcf9bdc9348dd7dd3d02f
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_amd64.deb
      Size/MD5:    68686 00a2b4f57d4766e778f5de385c544549

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_i386.deb
      Size/MD5:    63972 b46cbb91273fc79d7ac1c82c3f0a27c5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_powerpc.deb
      Size/MD5:    67680 7f47d3eae5b01639f80c051ba77fbaa6

--tqI+Z3u+9OQ7kwn0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO8ipDecnbV4Fd/IRApy+AKDcCu2Fa9lMuuJYGEtlgkQV0OFn+gCgzQIX
EZd1xRmz5XN5q1cU1cvxCCs=
=TG42
-----END PGP SIGNATURE-----

--tqI+Z3u+9OQ7kwn0--
    

- 漏洞信息 (F38189)

Gentoo Linux Security Advisory 200506-16 (PacketStormID:F38189)
2005-06-21 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary
linux,gentoo
CVE-2005-1111
[点击下载]

Gentoo Linux Security Advisory GLSA 200506-16 - A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Versions less than 2.6-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: cpio: Directory traversal vulnerability
      Date: June 20, 2005
      Bugs: #90619
        ID: 200506-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

cpio contains a flaw which may allow a specially crafted cpio archive
to extract files to an arbitrary directory.

Background
==========

cpio is a file archival tool which can also read and write tar files.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  app-arch/cpio      < 2.6-r3                             >= 2.6-r3

Description
===========

A vulnerability has been found in cpio that can potentially allow a
cpio archive to extract its files to an arbitrary directory of the
creator's choice.

Impact
======

An attacker could create a malicious cpio archive which would create
files in arbitrary locations on the victim's system. This issue could
also be used in conjunction with a previous race condition
vulnerability (CAN-2005-1111) to change permissions on files owned by
the victim.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All cpio users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.6-r3"

References
==========

  [ 1 ] Original Advisory
        http://www.securityfocus.com/archive/1/396429
  [ 2 ] CAN-2005-1111
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

15725
cpio Race Condition Arbitrary File Permission Modification
Local Access Required Race Condition
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

cpio contains a flaw that may allow a malicious user to modify permissions of arbitrary files. The issue is triggered via a hard link attack on a file while it is being decompressed. It is possible that the flaw may allow arbitrary file permission modification resulting in a loss of confidentiality and integrity.

- 时间线

2005-04-20 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

CPIO CHMod File Permission Modification Race Condition Weakness
Race Condition Error 13159
No Yes
2005-04-13 12:00:00 2006-05-15 09:49:00
Discovery of this weakness is credited to Imran Ghory <imranghory@gmail.com>.

- 受影响的程序版本

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU cpio 2.6
+ Gentoo Linux
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
GNU cpio 2.5.90
GNU cpio 2.5
+ Debian Linux 3.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Ubuntu Ubuntu Linux 5.10 powerpc
+ Ubuntu Ubuntu Linux 5.10 i386
+ Ubuntu Ubuntu Linux 5.10 amd64
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU cpio 2.4.2
GNU cpio 1.3
GNU cpio 1.2
GNU cpio 1.1
GNU cpio 1.0
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.x
FreeBSD FreeBSD 2.x
FreeBSD FreeBSD -current
Conectiva Linux 10.0
Avaya Intuity Audix R5 0

- 漏洞讨论

The cpio utility is prone to a security weakness. The issue occurs only when an archive is extracted into a world- or group-writeable directory. Reportedly, cpio employs non-atomic procedures to write a file and later change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target files.

This weakness affects cpio version 2.6 and previous versions.

- 漏洞利用

No exploit is required.

- 解决方案



Please see the references for vendor advisories and fixes.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com


GNU cpio 1.1

GNU cpio 2.5

SGI ProPack 3.0 SP6

FreeBSD FreeBSD 4.11 -STABLE

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -STABLE

FreeBSD FreeBSD 5.4 -RELENG

FreeBSD FreeBSD 6.0 -STABLE

SCO Open Server 6.0

FreeBSD FreeBSD 6.0 -RELEASE

SCO Unixware 7.1.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站