CVE-2005-1111

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
02/05/2005
Last modified:
03/04/2025

Description

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:* 2.6 (including)
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools