CVE-2005-1111

Name of the Vulnerable Software and Affected Versions cpio versions 2.6 and earlier

Description A race condition issue allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed. The permissions of the file are changed by cpio after the decompression is complete.

Recommendations For cpio versions 2.6 and earlier, consider restricting access to the cpio decompression functionality until a patch is available. As a temporary workaround, avoid using cpio for decompressing files that require specific permission settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.