CVE-1999-1572 — Linux vulnerability

9 documents8 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 65.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Cpio Debian Linux Freebsd +4 more

Timeline

PublishedJul 16

Latest updateApr 30

Description

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debiangnu/cpio< 2.5-1.2+3

▶NVDmandrakesoft/mandrake_linux5 versions+4

▶NVDredhat/enterprise_linux_desktop4.0

Also affects: Debian Linux 3.0, Freebsd 2.1.0, Ubuntu Linux 4.10, Enterprise Linux 4.0

🔴Vulnerability Details

GHSA

GHSA-j8q5-qf4r-w33w: cpio on FreeBSD 2↗2022-04-30

▶

CVEList

CVE-1999-1572: cpio on FreeBSD 2↗2005-01-29

▶

OSV

CVE-1999-1572: cpio on FreeBSD 2↗1996-07-16

▶

📋Vendor Advisories

Ubuntu

cpio vulnerability↗2005-02-04

▶

Debian

CVE-1999-1572: cpio - cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating system...↗1999

▶

Red Hat

security flaw↗1996-07-16

▶

💬Community

Bugzilla

CVE-1999-1572 security flaw↗2018-08-16

▶

Bugzilla

CVE-1999-1572 cpio insecure file creation↗2005-11-01

▶