Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CAN-2005-1111)
Imran Ghory discovered a path traversal vulnerability. Even when the –no-absolute-filenames option was specified, cpio did not filter out “..” path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CAN-2005-1229)
29 September 2005
A security issue affects these releases of Ubuntu and its derivatives:
Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CAN-2005-1111)
Imran Ghory discovered a path traversal vulnerability. Even when the –no-absolute-filenames option was specified, cpio did not filter out “..” path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CAN-2005-1229)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.