CVE-2005-1111
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-59
Incorrecta resolución de una ruta antes de aceder a un fichero (Seguimiento de enlaces)
Fecha de publicación:
02/05/2005
Última modificación:
03/04/2025
Descripción
*** Pendiente de traducción *** Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Impacto
Puntuación base 3.x
4.70
Gravedad 3.x
MEDIA
Puntuación base 2.0
3.70
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:* | 2.6 (incluyendo) | |
| cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
- http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
- http://marc.info/?l=bugtraq&m=111342664116120&w=2
- http://secunia.com/advisories/16998
- http://secunia.com/advisories/17123
- http://secunia.com/advisories/17532
- http://secunia.com/advisories/18290
- http://secunia.com/advisories/18395
- http://secunia.com/advisories/20117
- http://www.debian.org/security/2005/dsa-846
- http://www.osvdb.org/15725
- http://www.redhat.com/support/errata/RHSA-2005-378.html
- http://www.redhat.com/support/errata/RHSA-2005-806.html
- http://www.securityfocus.com/bid/13159
- http://www.ubuntu.com/usn/usn-189-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
- http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
- http://marc.info/?l=bugtraq&m=111342664116120&w=2
- http://secunia.com/advisories/16998
- http://secunia.com/advisories/17123
- http://secunia.com/advisories/17532
- http://secunia.com/advisories/18290
- http://secunia.com/advisories/18395
- http://secunia.com/advisories/20117
- http://www.debian.org/security/2005/dsa-846
- http://www.osvdb.org/15725
- http://www.redhat.com/support/errata/RHSA-2005-378.html
- http://www.redhat.com/support/errata/RHSA-2005-806.html
- http://www.securityfocus.com/bid/13159
- http://www.ubuntu.com/usn/usn-189-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783