<<< Date Index >>>     <<< Thread Index >>>

cpio directory traversal vulnerability



================================
cpio directory traversal vulnerability
================================

Software: cpio
Version: cpio 2.6
Software URL: <http://www.gnu.org/software/cpio/>
Platform:  Unix, Linux.
Vulnerability type: Input validation
Severity: Medium, local vuln, Can result in privilege escalation.

Vulnerable software
====================

cpio 2.6 and previous versions running on unix.

Vulnerability
==============

There is a vulnerability in cpio that allows a malicious cpio file to
extract to an arbitrary directory of the attackers choice. cpio will
extract to the path specified in the cpio file, this path can be
absolute.

This vulnerability can be used to make the cpio file extract to a
directory which the attacker has write access to. This vulnerability
then be used in combination with the cpio TOCTOU file-permissions
vulnerability (CAN-2005-1111, Bugtraq #13159) to change the
permissions on arbitrary files belonging to the user.

Fix
========

None available at the present time.