exploits , vulnerabilities , articles , CPIO CHMod File Permission Modification Race Condition Weakness

Title	CPIO CHMod File Permission Modification Race Condition Weakness
Published	2005-04-13-12:00AM
Updated	2005-11-10-08:00PM
Class	Race Condition Error
CVE	CAN-2005-1111
Remote	No
Local	Yes
Credit	Discovery of this weakness is credited to Imran Ghory <imranghory@gmail.com>.
Vulnerable	Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux 10 F... Turbolinux Home Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 SP6 SCO Unixware 7.1.4 SCO Unixware 7.1.3 up SCO Unixware 7.1.3 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Linux Mandrake 10.2 x86_64 MandrakeSoft Linux Mandrake 10.2 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 GNU cpio 2.6 Gentoo Linux GNU cpio 2.5.90 GNU cpio 2.5 Debian Linux 3.1 MandrakeSoft Corporate Server 2.1 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.1 x86_64 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 powerpc GNU cpio 2.4.2 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc GNU cpio 1.3 GNU cpio 1.2 GNU cpio 1.1 GNU cpio 1.0 Conectiva Linux 10.0 Avaya Intuity Audix R5
Not Vulnerable
Code	No exploit is required.
TXT

Vulnerabilities - newest 10 RSS | More

2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
2008-11-28 ReVou Login SQL Injection Vulnerability
2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
2008-11-28 SailPlanner Login SQL Injection Vulnerability
2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability