| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2005 21:30:39 +0100 From: Imran Ghory <imranghory@...il.com> To: bugtraq@...urityfocus.com Subject: cpio directory traversal vulnerability ================================ cpio directory traversal vulnerability ================================ Software: cpio Version: cpio 2.6 Software URL: <http://www.gnu.org/software/cpio/> Platform: Unix, Linux. Vulnerability type: Input validation Severity: Medium, local vuln, Can result in privilege escalation. Vulnerable software ==================== cpio 2.6 and previous versions running on unix. Vulnerability ============== There is a vulnerability in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attackers choice. cpio will extract to the path specified in the cpio file, this path can be absolute. This vulnerability can be used to make the cpio file extract to a directory which the attacker has write access to. This vulnerability then be used in combination with the cpio TOCTOU file-permissions vulnerability (CAN-2005-1111, Bugtraq #13159) to change the permissions on arbitrary files belonging to the user. Fix ======== None available at the present time.
Powered by blists - more mailing lists