Bugtraq mailing list archives

cpio directory traversal vulnerability


From: Imran Ghory <imranghory () gmail com>
Date: Wed, 20 Apr 2005 21:30:39 +0100

================================
cpio directory traversal vulnerability
================================

Software: cpio
Version: cpio 2.6
Software URL: <http://www.gnu.org/software/cpio/>
Platform: Unix, Linux.
Vulnerability type: Input validation
Severity: Medium. Local vulnerability; can result in privilege escalation.

Vulnerable software
====================

cpio 2.6 and previous versions running on Unix.

Vulnerability
==============

There is a vulnerability in cpio that allows a malicious cpio file to
extract to an arbitrary directory of the attacker's choice. cpio
extracts to the path specified in the cpio file, and this path can be
absolute.

This vulnerability can be used to make the cpio file extract to a
directory to which the attacker has write access. It can then be used
in combination with the cpio TOCTOU file-permissions vulnerability
(CAN-2005-1111, Bugtraq #13159) to change the permissions on arbitrary
files belonging to the user.

Fix
========

None available at the present time.

