CVE-2005-1111

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions cpio versions 2.6 and earlier

Description A race condition issue allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed. The permissions of the file are changed by cpio after the decompression is complete.

Recommendations For cpio versions 2.6 and earlier, consider restricting access to the cpio decompression functionality until a patch is available. As a temporary workaround, avoid using cpio for decompressing files that require specific permission settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-367

Related Identifiers

CVE-2005-1111

DSA-846-1

RHSA-2005:378

RHSA-2005_378

Affected Products

Red Hat

Cpio

CVE-2005-1111

Weakness Enumeration

Related Identifiers

Affected Products

References · 26