Ubuntu has written a patch to address the following two security issues. | Imran Ghory found a race condition in the handling of output files. | While a file was unpacked with cpio, a local attacker with write | permissions to the target directory could exploit this to change the | permissions of arbitrary files of the cpio user. (CAN-2005-1111) | | Imran Ghory discovered a path traversal vulnerability. Even when the | --no-absolute-filenames option was specified, cpio did not filter out | ".." path components. By tricking an user into unpacking a malicious | cpio archive, this could be exploited to install files in arbitrary | paths with the privileges of the user calling cpio. (CAN-2005-1229)
They have it here: http://patches.ubuntu.com/patches/cpio.CAN-2005-1111_1229.diff _______________________________________________ Bug-cpio mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-cpio
