Description
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Affected products
- Debian / debian_linux – 3.0
- FreeBSD / FreeBSD – 2.1.0
- mandrakesoft / mandrake_linux – 9.2
- mandrakesoft / mandrake_linux – 10.0
- mandrakesoft / mandrake_linux – 10.1
- mandrakesoft / mandrake_linux – cs2.1
- mandrakesoft / mandrake_linux – cs3.0
- RedHat / enterprise_linux – 4.0
- RedHat / enterprise_linux_desktop – 4.0
- Ubuntu / ubuntu_linux – 4.10
References
- MAILING_LIST: http://marc.info/?l=bugtraq&m=110763404701519&w=2
- MISC: http://www.redhat.com/support/errata/RHSA-2005-073.html
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/19167
- VENDOR_ADVISORY: http://secunia.com/advisories/17063
- VENDOR_ADVISORY: http://secunia.com/advisories/17532
- MISC: http://www.trustix.org/errata/2005/0003/
- MISC: http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf
- MISC: http://www.redhat.com/support/errata/RHSA-2005-080.html
- MISC: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888
- MISC: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391
- VENDOR_ADVISORY: http://secunia.com/advisories/14357
- VENDOR_ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2005:032
- VENDOR_ADVISORY: http://www.debian.org/security/2005/dsa-664
- MISC: http://www.redhat.com/support/errata/RHSA-2005-806.html