Directory Traversal Flaw in cpio Product by Various Vendors
CVE-2005-1229

Currently unrated

Key Information:

Vendor: Gnu
Status: Cpio
Vendor: CVE Published:; 2 May 2005

Summary

A directory traversal vulnerability exists in cpio 2.6 and earlier, enabling remote attackers to exploit the file extraction process. By using a specially crafted cpio file with a '..' (dot dot) sequence, an attacker can manipulate the directory structure, allowing unauthorized writing to arbitrary directories. This flaw can compromise the security of the affected systems, highlighting the importance of proper input validation in file handling processes.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCO...

vendor-advisoryx_refsource_SCO

http://secunia.com/advisories/27857

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 22, 2005