Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-080: cpio Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the cpio packages
Detailed Explanation for this Vulnerability Test
An updated cpio package that fixes a umask bug and supports large files
(>2GB) is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio should upgrade to this updated package, which resolves
this issue, and adds support for large files (> 2GB).
Solution : http://rhn.redhat.com/errata/RHSA-2005-080.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.