bug-cpio
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-cpio] CAN-1999-1572 security bug


From: Davide Madrisan
Subject: [Bug-cpio] CAN-1999-1572 security bug
Date: Thu, 10 Mar 2005 16:38:03 +0100
User-agent: KMail/1.7.2

Hi all,

I've just uploaded cpio to version 2.6 and noticed that the security bug
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572
seems not to have been fixed.

> umask
0002
> ./cpio-2.6/src/cpio -o < /tmp/flist -O /tmp/cpio-arch.cpio 
> ls -l /tmp/cpio-arch.cpio 
-rw-rw-rw-  1 davide davide 512 2005-03-10 15:06 /tmp/cpio-arch.cpio

I've attached the Debian patch ported to cpio 2.6.
Greetings.

#include <best/regards.h>
---
Davide Madrisan
QiLinux Security Team Leader - - http://www.qilinux.it
PGP keyID: 0x4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://pgp.mit.edu/>

Attachment: cpio-2.6-CAN-1999-1572.patch
Description: Text Data

Attachment: pgpsx0SeTFLko.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]