|
CPIO CHMod File Permission Modification Race Condition Weakness
The cpio utility is prone to a security weakness. The issue occurs only when an archive is extracted into a world- or group-writeable directory. Reportedly, cpio employs non-atomic procedures to write a file and later change the permissions on the newly extracted file. A local attacker may leverage this issue to modify file permissions of target files. This weakness affects cpio version 2.6 and previous versions. |
|
|
Privacy Statement |
