Description
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Affected products
- Canonical / Ubuntu Linux4.10 – 4.10
- Canonical / Ubuntu Linux5.04 – 5.04
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.1 – 3.1
- gnu / cpio2.6
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111342664116120&w=2
- VENDOR_ADVISORYhttp://secunia.com/advisories/17532
- MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
- VENDOR_ADVISORYftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
- VENDOR_ADVISORYhttp://secunia.com/advisories/17123
- MISChttp://www.osvdb.org/15725
- MISChttp://www.redhat.com/support/errata/RHSA-2005-378.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/16998
- MISChttp://www.securityfocus.com/bid/13159
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-846
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-189-1
- MAILING_LISThttp://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/20117
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358
- MISChttp://www.redhat.com/support/errata/RHSA-2005-806.html
- MISCftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
- VENDOR_ADVISORYhttp://secunia.com/advisories/18395
- VENDOR_ADVISORYhttp://secunia.com/advisories/18290