[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-cpio] CAN-1999-1572 security bug
From: |
Davide Madrisan |
Subject: |
[Bug-cpio] CAN-1999-1572 security bug |
Date: |
Thu, 10 Mar 2005 16:38:03 +0100 |
User-agent: |
KMail/1.7.2 |
Hi all,
I've just uploaded cpio to version 2.6 and noticed that the security bug
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572
seems not to have been fixed.
> umask
0002
> ./cpio-2.6/src/cpio -o < /tmp/flist -O /tmp/cpio-arch.cpio
> ls -l /tmp/cpio-arch.cpio
-rw-rw-rw- 1 davide davide 512 2005-03-10 15:06 /tmp/cpio-arch.cpio
I've attached the Debian patch ported to cpio 2.6.
Greetings.
#include <best/regards.h>
---
Davide Madrisan
QiLinux Security Team Leader - - http://www.qilinux.it
PGP keyID: 0x4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://pgp.mit.edu/>
cpio-2.6-CAN-1999-1572.patch
Description: Text Data
pgpsx0SeTFLko.pgp
Description: PGP signature
- [Bug-cpio] CAN-1999-1572 security bug,
Davide Madrisan <=