usn-189-1.txt

usn-189-1.txt: Posted Oct 4, 2005; Authored by Martin Pitt | Site security.ubuntu.com; Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229); tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2005-1111, CVE-2005-1229; SHA-256 | 6c020b860f3162b5c142afd08d7d2ed80874cb3d6613efa8875483bac869d12a; Download | Favorite | View

usn-189-1.txt


--tqI+Z3u+9OQ7kwn0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-189-1   September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cpio

The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.2 (for Ubuntu 4.10), or 2.5-1.1ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user. (CAN-2005-1111)

Imran Ghory discovered a path traversal vulnerability. Even when the
--no-absolute-filenames option was specified, cpio did not filter out
".." path components. By tricking an user into unpacking a malicious
cpio archive, this could be exploited to install files in arbitrary
paths with the privileges of the user calling cpio. (CAN-2005-1229)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.diff.gz
      Size/MD5:    27421 3800b28741820b67d89b8be0ca1b4c3a
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.dsc
      Size/MD5:      551 536a242096b46cbac9caf1e034e89f88
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_amd64.deb
      Size/MD5:    68648 777b4ff7fa18697307311f3f306a61dd

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_i386.deb
      Size/MD5:    64158 6c8ee133865b826e666fe035eba229c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_powerpc.deb
      Size/MD5:    67678 a52efbe49389c50a4c6abed05dd79e95

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.diff.gz
      Size/MD5:    27418 0fb7a011377dd62652cacc4366d44baf
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.dsc
      Size/MD5:      551 d78ae16b8c3bcf9bdc9348dd7dd3d02f
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_amd64.deb
      Size/MD5:    68686 00a2b4f57d4766e778f5de385c544549

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_i386.deb
      Size/MD5:    63972 b46cbb91273fc79d7ac1c82c3f0a27c5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_powerpc.deb
      Size/MD5:    67680 7f47d3eae5b01639f80c051ba77fbaa6

--tqI+Z3u+9OQ7kwn0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO8ipDecnbV4Fd/IRApy+AKDcCu2Fa9lMuuJYGEtlgkQV0OFn+gCgzQIX
EZd1xRmz5XN5q1cU1cvxCCs=
=TG42
-----END PGP SIGNATURE-----

--tqI+Z3u+9OQ7kwn0--

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

usn-189-1.txt

usn-189-1.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

usn-189-1.txt

Share This

usn-189-1.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems