Bug 156313 (CVE-2005-1229) - CVE-2005-1229 cpio directory traversal issue
Summary: CVE-2005-1229 cpio directory traversal issue
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2005-1229
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-28 20:43 UTC by Josh Bressers
Modified: 2021-11-12 19:27 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-26 14:29:34 UTC


Attachments (Terms of Use)
fix candidate (6.38 KB, patch)
2005-06-02 09:49 UTC, Peter Vrabec
no flags Details | Diff

Description Josh Bressers 2005-04-28 20:43:51 UTC
Directory traversal vulnerability in cpio 2.6 and earlier allows remote
attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

Comment 1 Josh Bressers 2005-04-28 20:44:12 UTC
This issue should also affect RHEL2.1 and RHEL3

Comment 2 Josh Bressers 2005-04-28 20:44:58 UTC
Here's the original post:
http://marc.theaimsgroup.com/?l=bugtraq&m=111403177526312&w=2

Comment 3 Peter Vrabec 2005-06-02 09:49:35 UTC
Created attachment 115079 [details]
fix candidate

Replace option --no-absolute-filenames	with --absolute-filenames
Not allow insecure filenames like "/tmp/../../etc/cron/..." ( strip
"/tmp/../../")

but there is a still problem with symlinks in cpio
http://lists.gnu.org/archive/html/bug-cpio/2005-05/msg00003.html

Comment 4 Mark J. Cox 2005-10-26 14:29:34 UTC
This is a funtionality change to fix something that is defined, documented
behaviour.  Therefore a security team review on 20051026 decided this should be
marked as WONTFIX


Note You need to log in before you can comment on or make changes to this bug.