Test ID:
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLSA-2005:1002

The remote host is missing updates announced in
advisory CLSA-2005:1002.

This announcement fixes the following vulnerabilities:

cpio uses a 0 umask when creating files using the -O
(archive) or -F options, which creates the files with
mode 0666 and allows local users to read or overwrite
those files.

Race condition in cpio 2.6 and earlier allows local users
to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose
permissions are changed by cpio after the decompression is

Directory traversal vulnerability in cpio 2.6 and earlier
allows remote attackers to write to arbitrary directories
via a .. (dot dot) in a cpio file.

The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-1999-1572
Bugtraq: 20050204 [USN-75-1] cpio vulnerability
Debian Security Information: DSA-664
XForce ISS Database: cpio-o-archive-insecure-permissions(19167)
Common Vulnerability Exposure (CVE) ID: CVE-2005-1111
BugTraq ID: 13159
Bugtraq: 20050413 cpio TOCTOU file-permissions vulnerability
Debian Security Information: DSA-846
FreeBSD Security Advisory: FreeBSD-SA-06:03
SCO Security Bulletin: SCOSA-2005.32
SCO Security Bulletin: SCOSA-2006.2
SuSE Security Announcement: SUSE-SR:2006:010
Common Vulnerability Exposure (CVE) ID: CVE-2005-1229
BugTraq ID: 13291
Bugtraq: 20050420 cpio directory traversal vulnerability
XForce ISS Database: cpio-directory-traversal(20204)
Copyright: Copyright (c) 2005 E-Soft Inc.

© 1998-2022 E-Soft Inc. All rights reserved.