CPIO Archiver Local Insecure File Creation Vulnerability
BID:12404
Info
CPIO Archiver Local Insecure File Creation Vulnerability
| Bugtraq ID: | 12404 |
| Class: | Design Error |
| CVE: |
CVE-1999-1572 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 16 1996 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Georg-W. Koltermann is credited with the discovery of this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Turbolinux Turbolinux Server 10.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 SGI Advanced Linux Environment 3.0 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 GNU cpio 1.2 GNU cpio 1.1 GNU cpio 1.0 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN |
| Not Vulnerable: |
GNU cpio 2.6 GNU cpio 2.5.90 GNU cpio 2.5 GNU cpio 2.4.2 GNU cpio 1.3 |
Discussion
CPIO Archiver Local Insecure File Creation Vulnerability
A local insecure file creation vulnerability affects cpio. This issue is due to a failure of the application to create files securely.
This issue may be exploited by an attacker to manipulate or read any files created by the affected utility.
A local insecure file creation vulnerability affects cpio. This issue is due to a failure of the application to create files securely.
This issue may be exploited by an attacker to manipulate or read any files created by the affected utility.
Exploit / POC
CPIO Archiver Local Insecure File Creation Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
CPIO Archiver Local Insecure File Creation Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
Ubuntu linux has released an advisory (USN-75-1) dealing with this issue. Please see the referenced advisory for more information.
Debian linux has released an advisory dealing with this issue. Please see the referenced advisory for more information.
Mandrake has released an advisory (MDKSA-2005:032) to address this issue. Please see the attached Mandrake advisory for details on obtaining and applying fixes. Update (02/12/05): Mandrake has re-released advisory MDKSA-2005:032 as MDKSA-2005:032-1 to correct a problem (they would not install with rpmdrake) with fixes for Mandrake 10.1. See the references section.
Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:080-06 to address this issue. Please see the advisory in Web references for more information.
Silicon Graphics has released advisory 20050204-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.
Turbolinux has released advisory TLSA-2005-30 to address this issue. Please see the referenced advisory for more information.
Conectiva has released security advisory CLSA-2005:1002 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Avaya has released advisory ASA-2005-212 to indicate that Avaya CVLAN and Integrated Management products are vulnerable to this issue. Customers are advised to apply patches supplied by vendors of the underlying operating systems. Please see the referenced advisory for more information.
RedHat has released security advisory RHSA-2005:806-8 addressing this issue for their Enterprise and Advanced Workstation editions. Users are advised to see the referenced Web advisory for further information.
GNU cpio 1.0
GNU cpio 1.1
GNU cpio 1.2
Turbolinux Turbolinux Server 10.0
Solution:
The vendor has released an upgrade dealing with this issue.
Ubuntu linux has released an advisory (USN-75-1) dealing with this issue. Please see the referenced advisory for more information.
Debian linux has released an advisory dealing with this issue. Please see the referenced advisory for more information.
Mandrake has released an advisory (MDKSA-2005:032) to address this issue. Please see the attached Mandrake advisory for details on obtaining and applying fixes. Update (02/12/05): Mandrake has re-released advisory MDKSA-2005:032 as MDKSA-2005:032-1 to correct a problem (they would not install with rpmdrake) with fixes for Mandrake 10.1. See the references section.
Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2005:080-06 to address this issue. Please see the advisory in Web references for more information.
Silicon Graphics has released advisory 20050204-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.
Turbolinux has released advisory TLSA-2005-30 to address this issue. Please see the referenced advisory for more information.
Conectiva has released security advisory CLSA-2005:1002 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Avaya has released advisory ASA-2005-212 to indicate that Avaya CVLAN and Integrated Management products are vulnerable to this issue. Customers are advised to apply patches supplied by vendors of the underlying operating systems. Please see the referenced advisory for more information.
RedHat has released security advisory RHSA-2005:806-8 addressing this issue for their Enterprise and Advanced Workstation editions. Users are advised to see the referenced Web advisory for further information.
GNU cpio 1.0
-
GNU cpio 2.6
http://ftp.gnu.org/gnu/cpio/cpio-2.6.tar.gz
GNU cpio 1.1
-
GNU cpio 2.6
http://ftp.gnu.org/gnu/cpio/cpio-2.6.tar.gz
GNU cpio 1.2
-
GNU cpio 2.6
http://ftp.gnu.org/gnu/cpio/cpio-2.6.tar.gz
Turbolinux Turbolinux Server 10.0
-
TurboLinux cpio-2.5-4.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/cpio-2.5-4.i586.rpm -
TurboLinux cpio-debug-2.5-4.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/cpio-debug-2.5-4.i586.rpm
References
CPIO Archiver Local Insecure File Creation Vulnerability
References:
References:
- ASA-2005-212 - cpio security update - (RHSA-2005-080) (Avaya)
- CPIO - Problem Report bin/1391 (FreeBSD)
- cpio Home Page (GNU)
- RHSA-2005:080-06 - Low: cpio security update (RedHat)
- RHSA-2005:806-8 - cpio security update (RedHat)