[Bug-cpio] CAN-1999-1572 security bug

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-cpio] CAN-1999-1572 security bug

From:	Davide Madrisan
Subject:	[Bug-cpio] CAN-1999-1572 security bug
Date:	Thu, 10 Mar 2005 16:38:03 +0100
User-agent:	KMail/1.7.2

Hi all,

I've just uploaded cpio to version 2.6 and noticed that the security bug
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572
seems not to have been fixed.

> umask
0002
> ./cpio-2.6/src/cpio -o < /tmp/flist -O /tmp/cpio-arch.cpio 
> ls -l /tmp/cpio-arch.cpio 
-rw-rw-rw-  1 davide davide 512 2005-03-10 15:06 /tmp/cpio-arch.cpio

I've attached the Debian patch ported to cpio 2.6.
Greetings.

#include <best/regards.h>
---
Davide Madrisan
QiLinux Security Team Leader - - http://www.qilinux.it
PGP keyID: 0x4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://pgp.mit.edu/>

cpio-2.6-CAN-1999-1572.patch
Description: Text Data

pgpsx0SeTFLko.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-cpio] CAN-1999-1572 security bug, Davide Madrisan <=
- Re: [Bug-cpio] CAN-1999-1572 security bug, Sergey Poznyakoff, 2005/03/10

Prev by Date: [Bug-cpio] restore from tape created with tob (afio)?
Next by Date: Re: [Bug-cpio] CAN-1999-1572 security bug
Previous by thread: [Bug-cpio] restore from tape created with tob (afio)?
Next by thread: Re: [Bug-cpio] CAN-1999-1572 security bug
Index(es):
- Date
- Thread