CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
References
Link Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt Broken Link
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html Broken Link
http://marc.info/?l=bugtraq&m=111342664116120&w=2 Mailing List
http://secunia.com/advisories/16998 Broken Link
http://secunia.com/advisories/17123 Broken Link
http://secunia.com/advisories/17532 Broken Link
http://secunia.com/advisories/18290 Broken Link
http://secunia.com/advisories/18395 Broken Link
http://secunia.com/advisories/20117 Broken Link
http://www.debian.org/security/2005/dsa-846 Third Party Advisory
http://www.osvdb.org/15725 Broken Link
http://www.redhat.com/support/errata/RHSA-2005-378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-806.html Broken Link
http://www.securityfocus.com/bid/13159 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-189-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 Broken Link
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt Broken Link
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html Broken Link
http://marc.info/?l=bugtraq&m=111342664116120&w=2 Mailing List
http://secunia.com/advisories/16998 Broken Link
http://secunia.com/advisories/17123 Broken Link
http://secunia.com/advisories/17532 Broken Link
http://secunia.com/advisories/18290 Broken Link
http://secunia.com/advisories/18395 Broken Link
http://secunia.com/advisories/20117 Broken Link
http://www.debian.org/security/2005/dsa-846 Third Party Advisory
http://www.osvdb.org/15725 Broken Link
http://www.redhat.com/support/errata/RHSA-2005-378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-806.html Broken Link
http://www.securityfocus.com/bid/13159 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-189-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*

History

20 Nov 2024, 23:56

Type Values Removed Values Added
References () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link
References () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link
References () http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link () http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link
References () http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List
References () http://secunia.com/advisories/16998 - Broken Link () http://secunia.com/advisories/16998 - Broken Link
References () http://secunia.com/advisories/17123 - Broken Link () http://secunia.com/advisories/17123 - Broken Link
References () http://secunia.com/advisories/17532 - Broken Link () http://secunia.com/advisories/17532 - Broken Link
References () http://secunia.com/advisories/18290 - Broken Link () http://secunia.com/advisories/18290 - Broken Link
References () http://secunia.com/advisories/18395 - Broken Link () http://secunia.com/advisories/18395 - Broken Link
References () http://secunia.com/advisories/20117 - Broken Link () http://secunia.com/advisories/20117 - Broken Link
References () http://www.debian.org/security/2005/dsa-846 - Third Party Advisory () http://www.debian.org/security/2005/dsa-846 - Third Party Advisory
References () http://www.osvdb.org/15725 - Broken Link () http://www.osvdb.org/15725 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link
References () http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link

26 Jan 2024, 17:07

Type Values Removed Values Added
CVSS v2 : 3.7
v3 : unknown
v2 : 3.7
v3 : 4.7
CPE cpe:2.3:a:gnu:cpio:1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.4-2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.5.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.6:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-59
CWE-367
References (UBUNTU) http://www.ubuntu.com/usn/usn-189-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/17123 - (SECUNIA) http://secunia.com/advisories/17123 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-806.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-378.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/16998 - (SECUNIA) http://secunia.com/advisories/16998 - Broken Link
References (SECUNIA) http://secunia.com/advisories/18395 - (SECUNIA) http://secunia.com/advisories/18395 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link
References (DEBIAN) http://www.debian.org/security/2005/dsa-846 - (DEBIAN) http://www.debian.org/security/2005/dsa-846 - Third Party Advisory
References (SUSE) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - (SUSE) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17532 - (SECUNIA) http://secunia.com/advisories/17532 - Broken Link
References (SECUNIA) http://secunia.com/advisories/18290 - (SECUNIA) http://secunia.com/advisories/18290 - Broken Link
References (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link
References (SECUNIA) http://secunia.com/advisories/20117 - (SECUNIA) http://secunia.com/advisories/20117 - Broken Link
References (BID) http://www.securityfocus.com/bid/13159 - (BID) http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry
References (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link
References (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link
References (OSVDB) http://www.osvdb.org/15725 - (OSVDB) http://www.osvdb.org/15725 - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111342664116120&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56


NVD link : CVE-2005-1111

Mitre link : CVE-2005-1111

CVE.ORG link : CVE-2005-1111


JSON object : View

Products Affected

gnu

  • cpio

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition