CPIO Archiver Local Insecure File Creation Vulnerability

Bugtraq ID: 12404
Class: Design Error
CVE: CVE-1999-1572
Remote: No
Local: Yes
Published: Jul 16 1996 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: Georg-W. Koltermann is credited with the discovery of this issue.
Vulnerable: Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
SGI Advanced Linux Environment 3.0
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Desktop 3.0
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
GNU cpio 1.2
GNU cpio 1.1
GNU cpio 1.0
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Not Vulnerable: GNU cpio 2.6
+ Gentoo Linux
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
GNU cpio 2.5.90
GNU cpio 2.5
+ Debian Linux 3.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Ubuntu Ubuntu Linux 5.10 powerpc
+ Ubuntu Ubuntu Linux 5.10 i386
+ Ubuntu Ubuntu Linux 5.10 amd64
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU cpio 2.4.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
GNU cpio 1.3


 

Privacy Statement
Copyright 2010, SecurityFocus