OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gcpio -- broken file permissions

Affected packages
gcpio < 2.5p0

Details

VuXML ID 96fd6bc2-7cb8-11d9-abaf-080020fe8945
Discovery 2005-02-04
Entry 2005-02-11

It has been discovered, that cpio, a program to manage archives of files, creates output files with -O and -F with broken permissions due to a reset zero umask which allows local users to read or overwrite those files.

References

CVE Name CAN-1999-1572
URL http://www.debian.org/security/2005/dsa-664

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.