Race condition in cpio 2.6 and previous versions allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu cpio |
||
debian debian linux 3.1 |
||
debian debian linux 3.0 |
||
canonical ubuntu linux 4.10 |
||
canonical ubuntu linux 5.04 |