ID CVE-2005-1111
Summary Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:cpio:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:2.4-2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:2.5.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:cpio:2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 26-01-2024 - 17:07)
Impact:
Exploitability:
CWE CWE-367
CAPEC
  • Leveraging Race Conditions via Symbolic Links
    This attack leverages the use of symbolic links (symlinks) in order to write to sensitive files. An attacker can create a symlink to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the symlink, it will actually write to the target file pointed to by the attacker's symlink. If the attacker can insert malicious content in the temporary file, she will be writing to the sensitive file by using the symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the symlink during the interval between the check and the creation of the temporary file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
Access
  • Vector LOCAL
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2005-09-21T01:33:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
    family unix
    id oval:org.mitre.oval:def:358
    status accepted
    submitted 2005-08-08T12:00:00.000-04:00
    title cpio Race Condition
    version 4
  • accepted 2013-04-29T04:22:09.996-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
    family unix
    id oval:org.mitre.oval:def:9783
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
    version 29
redhat via4
advisories
  • rhsa
    id RHSA-2005:378
  • rhsa
    id RHSA-2005:806
rpms
  • cpio-0:2.5-4.RHEL3
  • cpio-0:2.5-8.RHEL4
  • cpio-debuginfo-0:2.5-4.RHEL3
  • cpio-debuginfo-0:2.5-8.RHEL4
refmap via4
bid 13159
bugtraq 20050413 cpio TOCTOU file-permissions vulnerability
debian DSA-846
freebsd FreeBSD-SA-06:03
osvdb 15725
sco
  • SCOSA-2005.32
  • SCOSA-2006.2
secunia
  • 16998
  • 17123
  • 17532
  • 18290
  • 18395
  • 20117
suse SUSE-SR:2006:010
ubuntu USN-189-1
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 26-01-2024 - 17:07
Published 02-05-2005 - 04:00
Last modified 26-01-2024 - 17:07