CVE-2005-1111

CWE-59 CWE-36713 documents10 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 74.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Cpio Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedMay 2

Latest updateMay 3

Description

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶Debiancpio< 2.6-6+3

▶NVDgnu/cpio2.6

Also affects: Debian Linux 3.0, 3.1, Ubuntu Linux 4.10, 5.04

🔴Vulnerability Details

GHSA

GHSA-fg93-983g-7p2v: Race condition in cpio 2↗2022-05-03

▶

OSV

CVE-2005-1111: Race condition in cpio 2↗2005-05-02

▶

CVEList

CVE-2005-1111: Race condition in cpio 2↗2005-04-16

▶

💥Exploits & PoCs

Exploit-DB

Macromedia Flash Media Server 2 - Remote Denial of Service↗2005-12-14

▶

Exploit-DB

Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)↗2005-03-28

▶

📋Vendor Advisories

BSD

FreeBSD-SA-06:03.cpio: Multiple vulnerabilities cpio↗2006-01-11

▶

Ubuntu

cpio vulnerabilities↗2005-09-29

▶

Red Hat

security flaw↗2005-04-13

▶

Debian

CVE-2005-1111: cpio - Race condition in cpio 2.6 and earlier allows local users to modify permissions ...↗2005

▶

💬Community

Bugzilla

CVE-2005-1111 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-1111 Race condition in cpio↗2005-10-03

▶

Bugzilla

CVE-2005-1111 Race condition in cpio↗2005-04-22

▶