[38479] in bugtraq


cpio directory traversal vulnerability

daemon@ATHENA.MIT.EDU (Imran Ghory)
Wed Apr 20 17:15:37 2005

Message-ID: <7389fc4b05042013306afd0706@mail.gmail.com>
Date: Wed, 20 Apr 2005 21:30:39 +0100
From: Imran Ghory <imranghory@gmail.com>
Reply-To: Imran Ghory <imranghory@gmail.com>
To: bugtraq@securityfocus.com

================================
cpio directory traversal vulnerability
================================

Software: cpio
Version: cpio 2.6
Software URL: <http://www.gnu.org/software/cpio/>
Platform: Unix, Linux.
Vulnerability type: Input validation
Severity: Medium; local vulnerability that can result in privilege escalation.

Vulnerable software
====================

cpio 2.6 and previous versions running on Unix.

Vulnerability
==============

There is a vulnerability in cpio that allows a malicious cpio file to
extract to an arbitrary directory of the attacker's choice. cpio
extracts to the path specified in the cpio file, and this path can be
absolute.

This vulnerability can be used to make the cpio file extract to a
directory to which the attacker has write access. It can then be used
in combination with the cpio TOCTOU file-permissions vulnerability
(CAN-2005-1111, Bugtraq #13159) to change the permissions on
arbitrary files belonging to the user.

Fix
========

None available at the present time.
