CVE-2005-1111

4.7MEDIUM

Key Information:

Vendor: Gnu
Status: Cpio
Vendor: CVE Published:; 2 May 2005

Summary

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

References

http://marc.info/?l=bugtraq&m=111342664116120&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/17532

third-party-advisoryx_refsource_SECUNIA

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCO...

vendor-advisoryx_refsource_SCO

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 16, 2005