156313 – (CVE-2005-1229) CVE-2005-1229 cpio directory traversal issue

Bug 156313 (CVE-2005-1229) - CVE-2005-1229 cpio directory traversal issue

Summary: CVE-2005-1229 cpio directory traversal issue

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2005-1229
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-28 20:43 UTC by Josh Bressers
Modified:	2021-11-12 19:27 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-10-26 14:29:34 UTC
Embargoed:

Attachments	(Terms of Use)
fix candidate (6.38 KB, patch) 2005-06-02 09:49 UTC, Peter Vrabec	no flags	Details \| Diff
View All

Description Josh Bressers 2005-04-28 20:43:51 UTC

Directory traversal vulnerability in cpio 2.6 and earlier allows remote
attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

Comment 1 Josh Bressers 2005-04-28 20:44:12 UTC

This issue should also affect RHEL2.1 and RHEL3

Comment 2 Josh Bressers 2005-04-28 20:44:58 UTC

Here's the original post:
http://marc.theaimsgroup.com/?l=bugtraq&m=111403177526312&w=2

Comment 3 Peter Vrabec 2005-06-02 09:49:35 UTC

Created attachment 115079 [details]
fix candidate

Replace option --no-absolute-filenames	with --absolute-filenames
Not allow insecure filenames like "/tmp/../../etc/cron/..." ( strip
"/tmp/../../")

but there is a still problem with symlinks in cpio
http://lists.gnu.org/archive/html/bug-cpio/2005-05/msg00003.html

Comment 4 Mark J. Cox 2005-10-26 14:29:34 UTC

This is a funtionality change to fix something that is defined, documented
behaviour.  Therefore a security team review on 20051026 decided this should be
marked as WONTFIX

Note You need to log in before you can comment on or make changes to this bug.