CVE-2005-1111

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-1111
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.7 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 1.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt Broken Link
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html Broken Link
http://marc.info/?l=bugtraq&m=111342664116120&w=2 Mailing List
http://secunia.com/advisories/16998 Broken Link
http://secunia.com/advisories/17123 Broken Link
http://secunia.com/advisories/17532 Broken Link
http://secunia.com/advisories/18290 Broken Link
http://secunia.com/advisories/18395 Broken Link
http://secunia.com/advisories/20117 Broken Link
http://www.debian.org/security/2005/dsa-846 Third Party Advisory
http://www.osvdb.org/15725 Broken Link
http://www.redhat.com/support/errata/RHSA-2005-378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-806.html Broken Link
http://www.securityfocus.com/bid/13159 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-189-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 Broken Link
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc Broken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt Broken Link
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html Broken Link
http://marc.info/?l=bugtraq&m=111342664116120&w=2 Mailing List
http://secunia.com/advisories/16998 Broken Link
http://secunia.com/advisories/17123 Broken Link
http://secunia.com/advisories/17532 Broken Link
http://secunia.com/advisories/18290 Broken Link
http://secunia.com/advisories/18395 Broken Link
http://secunia.com/advisories/20117 Broken Link
http://www.debian.org/security/2005/dsa-846 Third Party Advisory
http://www.osvdb.org/15725 Broken Link
http://www.redhat.com/support/errata/RHSA-2005-378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-806.html Broken Link
http://www.securityfocus.com/bid/13159 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-189-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
History

20 Nov 2024, 23:56

Type Values Removed Values Added
References () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link
References () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link
References () http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link () http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link
References () http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List
References () http://secunia.com/advisories/16998 - Broken Link () http://secunia.com/advisories/16998 - Broken Link
References () http://secunia.com/advisories/17123 - Broken Link () http://secunia.com/advisories/17123 - Broken Link
References () http://secunia.com/advisories/17532 - Broken Link () http://secunia.com/advisories/17532 - Broken Link
References () http://secunia.com/advisories/18290 - Broken Link () http://secunia.com/advisories/18290 - Broken Link
References () http://secunia.com/advisories/18395 - Broken Link () http://secunia.com/advisories/18395 - Broken Link
References () http://secunia.com/advisories/20117 - Broken Link () http://secunia.com/advisories/20117 - Broken Link
References () http://www.debian.org/security/2005/dsa-846 - Third Party Advisory () http://www.debian.org/security/2005/dsa-846 - Third Party Advisory
References () http://www.osvdb.org/15725 - Broken Link () http://www.osvdb.org/15725 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link
References () http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link

26 Jan 2024, 17:07

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-367
CWE-59
First Time Debian
Canonical
Debian debian Linux
Canonical ubuntu Linux
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-806.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-806.html - Broken Link
References (DEBIAN) http://www.debian.org/security/2005/dsa-846 - (DEBIAN) http://www.debian.org/security/2005/dsa-846 - Third Party Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111342664116120&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111342664116120&w=2 - Mailing List
References (UBUNTU) http://www.ubuntu.com/usn/usn-189-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-189-1 - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-378.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-378.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/17123 - (SECUNIA) http://secunia.com/advisories/17123 - Broken Link
References (OSVDB) http://www.osvdb.org/15725 - (OSVDB) http://www.osvdb.org/15725 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 - Broken Link
References (SECUNIA) http://secunia.com/advisories/18290 - (SECUNIA) http://secunia.com/advisories/18290 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 - Broken Link
References (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - Broken Link
References (SUSE) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - (SUSE) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/20117 - (SECUNIA) http://secunia.com/advisories/20117 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17532 - (SECUNIA) http://secunia.com/advisories/17532 - Broken Link
References (SECUNIA) http://secunia.com/advisories/16998 - (SECUNIA) http://secunia.com/advisories/16998 - Broken Link
References (SECUNIA) http://secunia.com/advisories/18395 - (SECUNIA) http://secunia.com/advisories/18395 - Broken Link
References (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc - Broken Link
References (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt - Broken Link
References (BID) http://www.securityfocus.com/bid/13159 - (BID) http://www.securityfocus.com/bid/13159 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:gnu:cpio:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.5.90:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:2.4-2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:1.0:*:*:*:*:*:*:*		 cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
CVSS v2 : 3.7
v3 : unknown 		v2 : 3.7
v3 : 4.7
Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56

NVD link : CVE-2005-1111

Mitre link : CVE-2005-1111

CVE.ORG link : CVE-2005-1111

JSON object : View

Products Affected

debian

  • debian_linux

gnu

  • cpio

canonical

  • ubuntu_linux
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024