Race Condition Vulnerability in cpio by David Jackson
CVE-2005-1111

4.7MEDIUM

Key Information:

Vendor
Gnu
Status
Cpio
Vendor
CVE Published:
2 May 2005

Summary

A race condition exists in the cpio utility, specifically affecting versions 2.6 and earlier. This vulnerability enables local users to exploit a hard link attack while cpio is decompressing files. By manipulating the permissions of a target file during the decompression process, unauthorized changes can be made once cpio completes its operation. This flaw emphasizes the importance of securing file operations against concurrent access issues.

References

http://marc.info/?l=bugtraq&m=111342664116120&w=2
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/17532
third-party-advisoryx_refsource_SECUNIA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCO...
vendor-advisoryx_refsource_SCO

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.