[MBT] new ticket for pkg cpio "Overwriting of arbitary files "
bugs at pld.org.pl
bugs at pld.org.pl
Wed May 14 16:27:53 CEST 2003
Date: 2003-05-14 16:27:50+02 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Overwriting of arbitary files
Ticket ID: #657
Ticket URL: http://bugs.pld.org.pl/?bug=657
Package: cpio-1:2.5-1
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
The error page is on
http://www.securityfocus.com/bid/6415
but since this is not very elaborate, I cite the (translated) version as appeared in the german Linux Magazin:
Through an errror in cpio a remote attacer can cause a victim to overwrite arbitary files on the system with his permissions or to create new files.
The problems is caused by the fact, that cpio contains a double-dot-error when extracting tar files. An Attacer can use this, by moving a specially crafted tar file on the victims system. When a cpio process extracts the archive, it uses the paths provided and overwrites, as wanted by the attacer, arbitary files on the system or creats them. The permissions are those of the user running cpio.
The error is in version 2.5.
More information about the pld-bugs
mailing list