CVE-2005-1111
CVE-2005-1111
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.ascftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txtftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txthttp://lists.suse.com/archive/suse-security-announce/2006-May/0004.htmlhttp://marc.info/?l=bugtraq&m=111342664116120&w=2http://secunia.com/advisories/16998http://secunia.com/advisories/17123http://secunia.com/advisories/17532http://secunia.com/advisories/18290http://secunia.com/advisories/18395http://secunia.com/advisories/20117https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358