Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-1999-1572

Published: 16/07/1996 Updated: 19/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Mandrake Linux

Vulnerability Summary

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake linux cs3.0

redhat enterprise linux 4.0

debian debian linux 3.0

freebsd freebsd 2.1.0

mandrakesoft mandrake linux 10.0

mandrakesoft mandrake linux 10.1

redhat enterprise linux desktop 4.0

ubuntu ubuntu linux 4.10

mandrakesoft mandrake linux 9.2

mandrakesoft mandrake linux cs2.1

Vendor Advisories

Ubuntu Security Notice: cpio vulnerability
Recently it was discovered that cpio created world-writeable files when used in -o/–create mode with giving an output file (with -O) This allowed any user to modify the created cpio archives Now cpio respects the current umask setting of the user ...
Red Hat: cpio security update
Synopsis cpio security update Type/Severity Security Advisory: Low Topic An updated cpio package that fixes multiple issues is now availableThis update has been rated as having low security impact by the Red HatSecurity Response Team Description GNU cpio copies files into or out of a cpio ...
Red Hat: cpio security update
Synopsis cpio security update Type/Severity Security Advisory: Low Topic An updated cpio package that fixes a umask bug is now available for Red HatEnterprise Linux 4This update has been rated as having low security impact by the Red HatSecurity Response Team Description GNU cpio copies fi ...
Red Hat: cpio security update
Synopsis cpio security update Type/Severity Security Advisory: Low Topic An updated cpio package that fixes a umask bug and supports large files(>2GB) is now availableThis update has been rated as having low security impact by the Red HatSecurity Response Team Description GNU cpio copie ...
Debian Security Advisories: DSA-664-1 cpio -- broken file permissions
It has been discovered, that cpio, a program to manage archives of files, creates output files with -O and -F with broken permissions due to a reset zero umask which allows local users to read or overwrite those files For the stable distribution (woody) this problem has been fixed in version 242-39woody1 For the unstable distribution (sid) this ...

References

NVD-CWE-Otherhttp://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391http://www.debian.org/security/2005/dsa-664http://www.redhat.com/support/errata/RHSA-2005-073.htmlhttp://www.redhat.com/support/errata/RHSA-2005-080.htmlhttp://www.trustix.org/errata/2005/0003/http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdfhttp://www.redhat.com/support/errata/RHSA-2005-806.htmlhttp://secunia.com/advisories/14357http://secunia.com/advisories/17063http://secunia.com/advisories/17532http://www.mandriva.com/security/advisories?name=MDKSA-2005:032http://marc.info/?l=bugtraq&m=110763404701519&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/19167https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888https://usn.ubuntu.com/75-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook