CVE-2005-1229
CVSS 4.6
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:18:23

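[Original] Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.


[CNNVD] CPIO Filename Directory Traversal Vulnerability (CNNVD-200505-625)

        A directory traversal vulnerability exists in cpio 2.6 and earlier. A remote attacker can write to arbitrary directories via a .. (dot dot) in a cpio file.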

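- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]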

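- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1229
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-625
(Official data source) CNNVD

- Other links and resources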

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-06:03
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
(UNKNOWN)  SCO  SCOSA-2006.2
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
(UNKNOWN)  SCO  SCOSA-2005.32
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
(UNKNOWN)  SUSE  SUSE-SR:2006:010
http://marc.info/?l=bugtraq&m=111403177526312&w=2
(UNKNOWN)  BUGTRAQ  20050420 cpio directory traversal vulnerability
http://www.debian.org/security/2005/dsa-846
(UNKNOWN)  DEBIAN  DSA-846
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
(UNKNOWN)  MANDRIVA  MDKSA-2007:233
http://www.securityfocus.com/bid/13291
(UNKNOWN)  BID  13291
http://www.ubuntu.com/usn/usn-189-1
(UNKNOWN)  UBUNTU  USN-189-1
http://xforce.iss.net/xforce/xfdb/20204
(UNKNOWN)  XF  cpio-directory-traversal(20204)

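- Vulnerability information

CPIO Filename Directory Traversal Vulnerability
Medium severity, path traversal
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        A directory traversal vulnerability exists in cpio 2.6 and earlier. A remote attacker can write to arbitrary directories via a .. (dot dot) in a cpio file.

- Advisories and patches

        No data available

- Vulnerability information (F61346)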

Mandriva Linux Security Advisory 2007.233 (PacketStormID:F61346)
2007-11-29 00:00:00
Mandriva  mandriva.com
advisory,remote,overflow,arbitrary
linux,mandriva
CVE-2007-4476,CVE-2005-1229

Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.


 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:233
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cpio
 Date    : November 28, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the safer_name_suffix function in GNU cpio
 has unspecified attack vectors and impact, resulting in a crashing
 stack. This problem is originally found in tar, but affects cpio too,
 due to similar code fragments. (CVE-2007-4476)
 
 Directory traversal vulnerability in cpio 2.6 and earlier allows remote
 attackers to write to arbitrary directories via a .. (dot dot) in a
 cpio file. This is an old issue, affecting only Mandriva Corporate
 Server 4 and Mandriva Linux 2007. (CVE-2005-1229)
 
 Updated package fixes these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
    

- Vulnerability information (F40512)

Debian Linux Security Advisory 846-1 (PacketStormID:F40512)
2005-10-08 00:00:00
Debian  security.debian.org
advisory,vulnerability
linux,debian
CVE-2005-1111,CVE-2005-1229

Debian Security Advisory DSA 846-1 - Two vulnerabilities have been discovered in cpio, a program to manage archives of files.


--------------------------------------------------------------------------
Debian Security Advisory DSA 846-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 7th, 2005                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : cpio
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-1111 CAN-2005-1229
Debian Bug     : 306693 305372

Two vulnerabilities have been discovered in cpio, a program to manage
archives of files.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-1111

    Imran Ghory discovered a race condition in setting the file
    permissions of files extracted from cpio archives.  A local
    attacker with write access to the target directory could exploit
    this to alter the permissions of arbitrary files the extracting
    user has write permissions for.

CAN-2005-1229

    Imran Ghory discovered that cpio does not sanitise the path of
    extracted files even if the --no-absolute-filenames option was
    specified.  This can be exploited to install files in arbitrary
    locations where the extracting user has write permissions to.

For the old stable distribution (woody) these problems have been fixed in
version 2.4.2-39woody2.

For the stable distribution (sarge) these problems have been fixed in
version 2.5-1.3.

For the unstable distribution (sid) these problems have been fixed in
version 2.6-6.

We recommend that you upgrade your cpio package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.




  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information (F40375)

usn-189-1.txt (PacketStormID:F40375)
2005-10-04 00:00:00
Martin Pitt  security.ubuntu.com
advisory,arbitrary,local
linux,ubuntu
CVE-2005-1111,CVE-2005-1229

Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking a user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)


===========================================================
Ubuntu Security Notice USN-189-1	 September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cpio

The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.2 (for Ubuntu 4.10), or 2.5-1.1ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user. (CAN-2005-1111)

Imran Ghory discovered a path traversal vulnerability. Even when the
--no-absolute-filenames option was specified, cpio did not filter out
".." path components. By tricking a user into unpacking a malicious
cpio archive, this could be exploited to install files in arbitrary
paths with the privileges of the user calling cpio. (CAN-2005-1229)


Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):


    

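- Vulnerability information

17939
cpio Traversal Arbitrary File Creation
Input Manipulation

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-04-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information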

CPIO Filename Directory Traversal Vulnerability
Input Validation Error 13291
Yes No
2005-04-20 12:00:00 2007-12-18 08:05:00
Discovery of this issue is credited to Imran Ghory <imranghory@gmail.com>.

- Affected software versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
MandrakeSoft Corporate Server 4.0
GNU gzip 1.3.5
+ Conectiva Linux 10.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
GNU gzip 1.3.4
GNU gzip 1.3.3
GNU gzip 1.2.4 a
GNU gzip 1.2.4
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ Slackware Linux 8.0
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
GNU cpio 2.6
+ Gentoo Linux
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
GNU cpio 2.5
+ Debian Linux 3.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Ubuntu Ubuntu Linux 5.10 powerpc
+ Ubuntu Ubuntu Linux 5.10 i386
+ Ubuntu Ubuntu Linux 5.10 amd64
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU cpio 2.4.2
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.x
FreeBSD FreeBSD 2.x
FreeBSD FreeBSD -current
Conectiva Linux 10.0
Avaya Intuity Audix R5 0

- Vulnerability discussion

The cpio utility is prone to a directory-traversal vulnerability. The issue occurs when cpio is invoked on a malicious archive.

An archive containing an absolute path for a filename that contains '/' characters results in the file getting written using the absolute path contained in the filename.

A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.
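
A pre-extraction check for the condition described above, as an added example (not code from cpio or from any of the advisories on this page): it walks the headers of a newc-format cpio archive and reports member names that are absolute or contain a ".." component. The helper build_newc, the function names and the sample member names are constructed for the demonstration; the only format assumed is the newc ("070701") header layout.

```python
"""Audit member names in a newc-format cpio archive before extracting it."""

NEWC_MAGICS = (b"070701", b"070702")   # newc, and newc with checksum
HEADER_LEN = 110                        # 6-byte magic + 13 fields of 8 hex digits
TRAILER = "TRAILER!!!"                  # name of the end-of-archive record


def _pad4(n):
    """Bytes of NUL padding needed to reach the next 4-byte boundary."""
    return (4 - n % 4) % 4


def iter_newc_members(blob):
    """Yield (name, mode, filesize) for every member up to the trailer."""
    off = 0
    while True:
        hdr = blob[off:off + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] not in NEWC_MAGICS:
            raise ValueError(f"bad or truncated newc header at offset {off}")
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name_off = off + HEADER_LEN
        raw = blob[name_off:name_off + namesize]
        if len(raw) < namesize:
            raise ValueError(f"truncated member name at offset {name_off}")
        name = raw.rstrip(b"\0").decode("utf-8", "surrogateescape")
        if name == TRAILER:
            return
        yield name, mode, filesize
        # Header+name and file data are each padded to a multiple of 4 bytes.
        data_off = name_off + namesize + _pad4(HEADER_LEN + namesize)
        off = data_off + filesize + _pad4(filesize)


def unsafe_reason(name):
    """Return why a member name could land outside the target directory, or None."""
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "'..' path component"
    return None


def audit(blob):
    """List (name, reason) for every member that should not be extracted as-is."""
    findings = []
    for name, _mode, _size in iter_newc_members(blob):
        reason = unsafe_reason(name)
        if reason:
            findings.append((name, reason))
    return findings


def build_newc(members):
    """Constructed-sample helper: pack (name, data) pairs into a newc archive."""
    out = b""
    for name, data in list(members) + [(TRAILER, b"")]:
        raw_name = name.encode() + b"\0"
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw_name), 0]
        hdr = b"070701" + b"".join(b"%08X" % f for f in fields)
        out += hdr + raw_name + b"\0" * _pad4(len(hdr) + len(raw_name))
        out += data + b"\0" * _pad4(len(data))
    return out


# Constructed sample archive: two ordinary names, one with "..", one absolute.
SAMPLE = build_newc([
    ("docs/readme.txt", b"hello\n"),
    ("../outside.txt", b"x"),
    ("/tmp/abs.txt", b"y"),
    ("a/..b/file", b"z"),          # "..b" is a normal directory name, not ".."
])

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"REJECT {name!r}: {reason}")
```

The check looks at member names only; it rejects any ".." component, including ones that would resolve back inside the target directory.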

- Exploit

There is no exploit required.

- Solution

Please see the references for vendor advisories and fixes.


GNU cpio 2.5

FreeBSD FreeBSD 4.11 -STABLE

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -STABLE

FreeBSD FreeBSD 5.4 -RELENG

FreeBSD FreeBSD 6.0 -STABLE

SCO Open Server 6.0

FreeBSD FreeBSD 6.0 -RELEASE

SCO Unixware 7.1.4

- Related references

 

 
