exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
usn-189-1.txt https://packetstormsecurity.com/files/40375/usn-189-1.txt https://packetstormsecurity.com/files/40375/usn-189-1.txt https://packetstormsecurity.com/files/40375/usn-189-1.txt.html Tue, 04 Oct 2005 04:20:07 GMT Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close