CVE-2005-1111
published 2005-05-02CVE-2005-1111: Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being…
medium4.7CVSS 3.1
AVLACHPRLUINSUCNIHAN
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | cpio | < cpio 2.6-6 (bookworm) | cpio 2.6-6 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| gnu | cpio | <= 2.6 | — |
| gnu | cpio | >= 0 < 2.6-6 | 2.6-6 |
| gnu | cpio | >= 0 < 2.6-6 | 2.6-6 |
| gnu | cpio | >= 0 < 2.6-6 | 2.6-6 |
| gnu | cpio | >= 0 < 2.6-6 | 2.6-6 |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
osv4.7MEDIUM