CVE-2005-1111

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

4.7 · Medium

Score breakdown

Description

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

Status

Package Ubuntu Release Status
cpio 7.04 feisty
Fixed 2.6-10
6.10 edgy
Fixed 2.6-10
6.06 LTS dapper
Fixed 2.6-10

Severity score breakdown

CVSS version: CVSS v3.0

Base score 4.7 · Medium

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-189-1
    • cpio vulnerabilities
    • 29 September 2005

Other references

Access our resources on patching vulnerabilities