Directory Traversal Flaw in cpio Product by Various Vendors
CVE-2005-1229

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
2 May 2005

Summary

A directory traversal vulnerability exists in cpio 2.6 and earlier, enabling remote attackers to exploit the file extraction process. By using a specially crafted cpio file with a '..' (dot dot) sequence, an attacker can manipulate the directory structure, allowing unauthorized writing to arbitrary directories. This flaw can compromise the security of the affected systems, highlighting the importance of proper input validation in file handling processes.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.