Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2005-30 (cpio)

The remote host is missing an update to cpio
announced via advisory TLSA-2005-30.

GNU cpio copies files into or out of a cpio or tar archive. The archive
can be placed into another file on disk, on a magnetic tape, or into a pipe.

The cpio uses a file creation mask (umask) of 0 when creating files when
the -O (archive) or -F options are used.

The cpio creates files with mode 0666 (a+rw) which allows local users
to read or overwrite created files.

Solution: Please use the turbopkg (zabom) tool to apply the update.

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-1999-1572
Bugtraq: 20050204 [USN-75-1] cpio vulnerability (Google Search)
Debian Security Information: DSA-664 (Google Search)
XForce ISS Database: cpio-o-archive-insecure-permissions(19167)
CopyrightCopyright (c) 2005 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.