Directory traversal vulnerability in cpio 2.6 and previous versions allows remote malicious users to write to arbitrary directories via a .. (dot dot) in a cpio file.
Imran Ghory found a race condition in the handling of output files
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user (CAN-2005-1111) ...
Two vulnerabilities have been discovered in cpio, a program to manage
archives of files The Common Vulnerabilities and Exposures project
identifies the following problems:
CAN-2005-1111
Imran Ghory discovered a race condition in setting the file
permissions of files extracted from cpio archives A local
attacker with write access to t ...