Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-1999-1572
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-01 17:18
Severity ?
EPSS score ?
Summary
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050204 [USN-75-1] cpio vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"name": "RHSA-2005:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "cpio-o-archive-insecure-permissions(19167)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"name": "17063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17063"
},
{
"name": "17532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17532"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"name": "RHSA-2005:080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"name": "oval:org.mitre.oval:def:10888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"name": "14357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14357"
},
{
"name": "MDKSA-2005:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"name": "DSA-664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"name": "RHSA-2005:806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050204 [USN-75-1] cpio vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"name": "RHSA-2005:073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "cpio-o-archive-insecure-permissions(19167)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"name": "17063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17063"
},
{
"name": "17532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17532"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"name": "RHSA-2005:080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"name": "oval:org.mitre.oval:def:10888",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"name": "14357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14357"
},
{
"name": "MDKSA-2005:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"name": "DSA-664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"name": "RHSA-2005:806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050204 [USN-75-1] cpio vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"name": "RHSA-2005:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "cpio-o-archive-insecure-permissions(19167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"name": "17063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17063"
},
{
"name": "17532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17532"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"name": "RHSA-2005:080",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"name": "oval:org.mitre.oval:def:10888",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"name": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391",
"refsource": "MISC",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"name": "14357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14357"
},
{
"name": "MDKSA-2005:032",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"name": "DSA-664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"name": "RHSA-2005:806",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1572",
"datePublished": "2005-01-29T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-01T17:18:07.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27C9E23D-AB82-4AE1-873E-C5493BB96AA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4177C378-7729-46AB-B49B-C6DAED3200E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3528DABD-B821-4D23-AE12-614A9CA92C46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:cs2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5B3DB31-3998-4B75-A972-0F2675ACCA2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:cs3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37145402-6EC5-4700-8863-CE563A4F37F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*\", \"matchCriteriaId\": \"F9440B25-D206-4914-9557-B5F030890DEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*\", \"matchCriteriaId\": \"E9933557-3BCA-4D92-AD4F-27758A0D3347\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*\", \"matchCriteriaId\": \"10A60552-15A5-4E95-B3CE-99A4B26260C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D74A418-50F0-42C0-ABBC-BBBE718FF025\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C62EF915-CA7C-4D75-BC67-E015772BB9CF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.\"}]",
"evaluatorSolution": "Fixed in rev 1.3 of cpio/main.c.",
"id": "CVE-1999-1572",
"lastModified": "2024-11-20T23:31:26.203",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "1996-07-16T04:00:00.000",
"references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/14357\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17063\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17532\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-664\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2005:032\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-073.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-080.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-806.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.trustix.org/errata/2005/0003/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19167\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/14357\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2005:032\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-073.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-080.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-806.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.trustix.org/errata/2005/0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/19167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\", \"lastModified\": \"2007-03-14T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-1999-1572\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"1996-07-16T04:00:00.000\",\"lastModified\":\"2024-11-20T23:31:26.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27C9E23D-AB82-4AE1-873E-C5493BB96AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4177C378-7729-46AB-B49B-C6DAED3200E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3528DABD-B821-4D23-AE12-614A9CA92C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:cs2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B3DB31-3998-4B75-A972-0F2675ACCA2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:cs3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37145402-6EC5-4700-8863-CE563A4F37F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*\",\"matchCriteriaId\":\"F9440B25-D206-4914-9557-B5F030890DEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*\",\"matchCriteriaId\":\"E9933557-3BCA-4D92-AD4F-27758A0D3347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*\",\"matchCriteriaId\":\"10A60552-15A5-4E95-B3CE-99A4B26260C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D74A418-50F0-42C0-ABBC-BBBE718FF025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C62EF915-CA7C-4D75-BC67-E015772BB9CF\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/14357\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17063\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17532\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2005/dsa-664\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:032\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-073.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-080.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-806.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2005/0003/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19167\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/14357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-080.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-806.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2005/0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/19167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Fixed in rev 1.3 of cpio/main.c.\",\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\",\"lastModified\":\"2007-03-14T00:00:00\"}]}}"
}
}
rhsa-2005:080
Vulnerability from csaf_redhat
Published
2005-02-18 15:28
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug and supports large files
(>2GB) is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
All users of cpio should upgrade to this updated package, which resolves
this issue, and adds support for large files (> 2GB).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug and supports large files\n(\u003e2GB) is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nAll users of cpio should upgrade to this updated package, which resolves\nthis issue, and adds support for large files (\u003e 2GB).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:080",
"url": "https://access.redhat.com/errata/RHSA-2005:080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "105617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=105617"
},
{
"category": "external",
"summary": "144688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=144688"
},
{
"category": "external",
"summary": "145720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_080.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:15+00:00",
"generator": {
"date": "2024-11-21T23:26:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:080",
"initial_release_date": "2005-02-18T15:28:00+00:00",
"revision_history": [
{
"date": "2005-02-18T15:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-0:2.5-3e.3.ia64",
"product_id": "cpio-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.src",
"product": {
"name": "cpio-0:2.5-3e.3.src",
"product_id": "cpio-0:2.5-3e.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-0:2.5-3e.3.x86_64",
"product_id": "cpio-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.i386",
"product": {
"name": "cpio-0:2.5-3e.3.i386",
"product_id": "cpio-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_id": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-0:2.5-3e.3.ppc",
"product_id": "cpio-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-0:2.5-3e.3.s390x",
"product_id": "cpio-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390",
"product": {
"name": "cpio-0:2.5-3e.3.s390",
"product_id": "cpio-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-18T15:28:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:080"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2005:073
Vulnerability from csaf_redhat
Published
2005-02-15 10:13
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug is now available for Red Hat
Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
Users of cpio should upgrade to this updated package, which resolves
this issue.
Red Hat would like to thank Mike O'Connor for bringing this issue to our
attention.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug is now available for Red Hat\nEnterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nUsers of cpio should upgrade to this updated package, which resolves\nthis issue.\n\nRed Hat would like to thank Mike O\u0027Connor for bringing this issue to our\nattention.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:073",
"url": "https://access.redhat.com/errata/RHSA-2005:073"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "145725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145725"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_073.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:10+00:00",
"generator": {
"date": "2024-11-21T23:26:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:073",
"initial_release_date": "2005-02-15T10:13:00+00:00",
"revision_history": [
{
"date": "2005-02-15T10:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.src",
"product": {
"name": "cpio-0:2.5-7.EL4.1.src",
"product_id": "cpio-0:2.5-7.EL4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-0:2.5-7.EL4.1.i386",
"product_id": "cpio-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390",
"product_id": "cpio-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-15T10:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:073"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2005_806
Vulnerability from csaf_redhat
Published
2005-11-10 19:01
Modified
2024-11-21 23:41
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-1111 to this issue.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all users can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCVE-2005-1111 to this issue.\n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all users can\nread and write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCVE-1999-1572 to this issue.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:806",
"url": "https://access.redhat.com/errata/RHSA-2005:806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "169760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169760"
},
{
"category": "external",
"summary": "172191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172191"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_806.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:41:19+00:00",
"generator": {
"date": "2024-11-21T23:41:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:806",
"initial_release_date": "2005-11-10T19:01:00+00:00",
"revision_history": [
{
"date": "2005-11-10T19:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-11-10T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:41:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2005_080
Vulnerability from csaf_redhat
Published
2005-02-18 15:28
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug and supports large files
(>2GB) is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
All users of cpio should upgrade to this updated package, which resolves
this issue, and adds support for large files (> 2GB).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug and supports large files\n(\u003e2GB) is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nAll users of cpio should upgrade to this updated package, which resolves\nthis issue, and adds support for large files (\u003e 2GB).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:080",
"url": "https://access.redhat.com/errata/RHSA-2005:080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "105617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=105617"
},
{
"category": "external",
"summary": "144688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=144688"
},
{
"category": "external",
"summary": "145720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_080.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:15+00:00",
"generator": {
"date": "2024-11-21T23:26:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:080",
"initial_release_date": "2005-02-18T15:28:00+00:00",
"revision_history": [
{
"date": "2005-02-18T15:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-0:2.5-3e.3.ia64",
"product_id": "cpio-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.src",
"product": {
"name": "cpio-0:2.5-3e.3.src",
"product_id": "cpio-0:2.5-3e.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-0:2.5-3e.3.x86_64",
"product_id": "cpio-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.i386",
"product": {
"name": "cpio-0:2.5-3e.3.i386",
"product_id": "cpio-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_id": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-0:2.5-3e.3.ppc",
"product_id": "cpio-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-0:2.5-3e.3.s390x",
"product_id": "cpio-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390",
"product": {
"name": "cpio-0:2.5-3e.3.s390",
"product_id": "cpio-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-18T15:28:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:080"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2005:080
Vulnerability from csaf_redhat
Published
2005-02-18 15:28
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug and supports large files
(>2GB) is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
All users of cpio should upgrade to this updated package, which resolves
this issue, and adds support for large files (> 2GB).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug and supports large files\n(\u003e2GB) is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nAll users of cpio should upgrade to this updated package, which resolves\nthis issue, and adds support for large files (\u003e 2GB).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:080",
"url": "https://access.redhat.com/errata/RHSA-2005:080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "105617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=105617"
},
{
"category": "external",
"summary": "144688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=144688"
},
{
"category": "external",
"summary": "145720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_080.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:15+00:00",
"generator": {
"date": "2024-11-21T23:26:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:080",
"initial_release_date": "2005-02-18T15:28:00+00:00",
"revision_history": [
{
"date": "2005-02-18T15:28:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-18T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-0:2.5-3e.3.ia64",
"product_id": "cpio-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.src",
"product": {
"name": "cpio-0:2.5-3e.3.src",
"product_id": "cpio-0:2.5-3e.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-0:2.5-3e.3.x86_64",
"product_id": "cpio-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_id": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.i386",
"product": {
"name": "cpio-0:2.5-3e.3.i386",
"product_id": "cpio-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_id": "cpio-debuginfo-0:2.5-3e.3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-0:2.5-3e.3.ppc",
"product_id": "cpio-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_id": "cpio-debuginfo-0:2.5-3e.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-0:2.5-3e.3.s390x",
"product_id": "cpio-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-3e.3.s390",
"product": {
"name": "cpio-0:2.5-3e.3.s390",
"product_id": "cpio-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-3e.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_id": "cpio-debuginfo-0:2.5-3e.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-3e.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.i386"
},
"product_reference": "cpio-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390"
},
"product_reference": "cpio-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.src"
},
"product_reference": "cpio-0:2.5-3e.3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-3e.3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-3e.3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-18T15:28:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:cpio-0:2.5-3e.3.i386",
"3AS:cpio-0:2.5-3e.3.ia64",
"3AS:cpio-0:2.5-3e.3.ppc",
"3AS:cpio-0:2.5-3e.3.s390",
"3AS:cpio-0:2.5-3e.3.s390x",
"3AS:cpio-0:2.5-3e.3.src",
"3AS:cpio-0:2.5-3e.3.x86_64",
"3AS:cpio-debuginfo-0:2.5-3e.3.i386",
"3AS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3AS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390",
"3AS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3AS:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3Desktop:cpio-0:2.5-3e.3.i386",
"3Desktop:cpio-0:2.5-3e.3.ia64",
"3Desktop:cpio-0:2.5-3e.3.ppc",
"3Desktop:cpio-0:2.5-3e.3.s390",
"3Desktop:cpio-0:2.5-3e.3.s390x",
"3Desktop:cpio-0:2.5-3e.3.src",
"3Desktop:cpio-0:2.5-3e.3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.i386",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3ES:cpio-0:2.5-3e.3.i386",
"3ES:cpio-0:2.5-3e.3.ia64",
"3ES:cpio-0:2.5-3e.3.ppc",
"3ES:cpio-0:2.5-3e.3.s390",
"3ES:cpio-0:2.5-3e.3.s390x",
"3ES:cpio-0:2.5-3e.3.src",
"3ES:cpio-0:2.5-3e.3.x86_64",
"3ES:cpio-debuginfo-0:2.5-3e.3.i386",
"3ES:cpio-debuginfo-0:2.5-3e.3.ia64",
"3ES:cpio-debuginfo-0:2.5-3e.3.ppc",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390",
"3ES:cpio-debuginfo-0:2.5-3e.3.s390x",
"3ES:cpio-debuginfo-0:2.5-3e.3.x86_64",
"3WS:cpio-0:2.5-3e.3.i386",
"3WS:cpio-0:2.5-3e.3.ia64",
"3WS:cpio-0:2.5-3e.3.ppc",
"3WS:cpio-0:2.5-3e.3.s390",
"3WS:cpio-0:2.5-3e.3.s390x",
"3WS:cpio-0:2.5-3e.3.src",
"3WS:cpio-0:2.5-3e.3.x86_64",
"3WS:cpio-debuginfo-0:2.5-3e.3.i386",
"3WS:cpio-debuginfo-0:2.5-3e.3.ia64",
"3WS:cpio-debuginfo-0:2.5-3e.3.ppc",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390",
"3WS:cpio-debuginfo-0:2.5-3e.3.s390x",
"3WS:cpio-debuginfo-0:2.5-3e.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:080"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2005:806
Vulnerability from csaf_redhat
Published
2005-11-10 19:01
Modified
2024-11-21 23:41
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-1111 to this issue.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all users can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCVE-2005-1111 to this issue.\n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all users can\nread and write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCVE-1999-1572 to this issue.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:806",
"url": "https://access.redhat.com/errata/RHSA-2005:806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "169760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169760"
},
{
"category": "external",
"summary": "172191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172191"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_806.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:41:19+00:00",
"generator": {
"date": "2024-11-21T23:41:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:806",
"initial_release_date": "2005-11-10T19:01:00+00:00",
"revision_history": [
{
"date": "2005-11-10T19:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-11-10T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:41:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2005:806
Vulnerability from csaf_redhat
Published
2005-11-10 19:01
Modified
2024-11-21 23:41
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-1111 to this issue.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all users can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCVE-2005-1111 to this issue.\n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all users can\nread and write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCVE-1999-1572 to this issue.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:806",
"url": "https://access.redhat.com/errata/RHSA-2005:806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "169760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169760"
},
{
"category": "external",
"summary": "172191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172191"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_806.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:41:19+00:00",
"generator": {
"date": "2024-11-21T23:41:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:806",
"initial_release_date": "2005-11-10T19:01:00+00:00",
"revision_history": [
{
"date": "2005-11-10T19:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-11-10T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:41:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2005_073
Vulnerability from csaf_redhat
Published
2005-02-15 10:13
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug is now available for Red Hat
Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
Users of cpio should upgrade to this updated package, which resolves
this issue.
Red Hat would like to thank Mike O'Connor for bringing this issue to our
attention.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug is now available for Red Hat\nEnterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nUsers of cpio should upgrade to this updated package, which resolves\nthis issue.\n\nRed Hat would like to thank Mike O\u0027Connor for bringing this issue to our\nattention.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:073",
"url": "https://access.redhat.com/errata/RHSA-2005:073"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "145725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145725"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_073.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:10+00:00",
"generator": {
"date": "2024-11-21T23:26:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:073",
"initial_release_date": "2005-02-15T10:13:00+00:00",
"revision_history": [
{
"date": "2005-02-15T10:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.src",
"product": {
"name": "cpio-0:2.5-7.EL4.1.src",
"product_id": "cpio-0:2.5-7.EL4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-0:2.5-7.EL4.1.i386",
"product_id": "cpio-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390",
"product_id": "cpio-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-15T10:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:073"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2005:073
Vulnerability from csaf_redhat
Published
2005-02-15 10:13
Modified
2024-11-21 23:26
Summary
Red Hat Security Advisory: cpio security update
Notes
Topic
An updated cpio package that fixes a umask bug is now available for Red Hat
Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team
Details
GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all can read
and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-1999-1572 to this issue.
Users of cpio should upgrade to this updated package, which resolves
this issue.
Red Hat would like to thank Mike O'Connor for bringing this issue to our
attention.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes a umask bug is now available for Red Hat\nEnterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all can read\nand write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-1999-1572 to this issue.\n\nUsers of cpio should upgrade to this updated package, which resolves\nthis issue.\n\nRed Hat would like to thank Mike O\u0027Connor for bringing this issue to our\nattention.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:073",
"url": "https://access.redhat.com/errata/RHSA-2005:073"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "145725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=145725"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_073.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:26:10+00:00",
"generator": {
"date": "2024-11-21T23:26:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:073",
"initial_release_date": "2005-02-15T10:13:00+00:00",
"revision_history": [
{
"date": "2005-02-15T10:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-02-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:26:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.src",
"product": {
"name": "cpio-0:2.5-7.EL4.1.src",
"product_id": "cpio-0:2.5-7.EL4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-0:2.5-7.EL4.1.i386",
"product_id": "cpio-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390",
"product_id": "cpio-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-7.EL4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_id": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-7.EL4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.src"
},
"product_reference": "cpio-0:2.5-7.EL4.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-02-15T10:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:cpio-0:2.5-7.EL4.1.i386",
"4AS:cpio-0:2.5-7.EL4.1.ia64",
"4AS:cpio-0:2.5-7.EL4.1.ppc",
"4AS:cpio-0:2.5-7.EL4.1.s390",
"4AS:cpio-0:2.5-7.EL4.1.s390x",
"4AS:cpio-0:2.5-7.EL4.1.src",
"4AS:cpio-0:2.5-7.EL4.1.x86_64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4AS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-0:2.5-7.EL4.1.src",
"4Desktop:cpio-0:2.5-7.EL4.1.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4Desktop:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-0:2.5-7.EL4.1.i386",
"4ES:cpio-0:2.5-7.EL4.1.ia64",
"4ES:cpio-0:2.5-7.EL4.1.ppc",
"4ES:cpio-0:2.5-7.EL4.1.s390",
"4ES:cpio-0:2.5-7.EL4.1.s390x",
"4ES:cpio-0:2.5-7.EL4.1.src",
"4ES:cpio-0:2.5-7.EL4.1.x86_64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4ES:cpio-debuginfo-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-0:2.5-7.EL4.1.i386",
"4WS:cpio-0:2.5-7.EL4.1.ia64",
"4WS:cpio-0:2.5-7.EL4.1.ppc",
"4WS:cpio-0:2.5-7.EL4.1.s390",
"4WS:cpio-0:2.5-7.EL4.1.s390x",
"4WS:cpio-0:2.5-7.EL4.1.src",
"4WS:cpio-0:2.5-7.EL4.1.x86_64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.i386",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ia64",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.ppc",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.s390x",
"4WS:cpio-debuginfo-0:2.5-7.EL4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:073"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
ghsa-j8q5-qf4r-w33w
Vulnerability from github
Published
2022-04-30 18:12
Modified
2022-04-30 18:12
Details
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
{
"affected": [],
"aliases": [
"CVE-1999-1572"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "1996-07-16T04:00:00Z",
"severity": "LOW"
},
"details": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"id": "GHSA-j8q5-qf4r-w33w",
"modified": "2022-04-30T18:12:43Z",
"published": "2022-04-30T18:12:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/14357"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17063"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17532"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"type": "WEB",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2005/0003"
}
],
"schema_version": "1.4.0",
"severity": []
}
cve-1999-1572
Vulnerability from fkie_nvd
Published
1996-07-16 04:00
Modified
2024-11-20 23:31
Severity ?
Summary
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 3.0 | |
| freebsd | freebsd | 2.1.0 | |
| mandrakesoft | mandrake_linux | 9.2 | |
| mandrakesoft | mandrake_linux | 10.0 | |
| mandrakesoft | mandrake_linux | 10.1 | |
| mandrakesoft | mandrake_linux | cs2.1 | |
| mandrakesoft | mandrake_linux | cs3.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| ubuntu | ubuntu_linux | 4.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:cs2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B3DB31-3998-4B75-A972-0F2675ACCA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:cs3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37145402-6EC5-4700-8863-CE563A4F37F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
"matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C62EF915-CA7C-4D75-BC67-E015772BB9CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files."
}
],
"evaluatorSolution": "Fixed in rev 1.3 of cpio/main.c.",
"id": "CVE-1999-1572",
"lastModified": "2024-11-20T23:31:26.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1996-07-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14357"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17063"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17532"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-1999-1572
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-1999-1572",
"description": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"id": "GSD-1999-1572",
"references": [
"https://www.debian.org/security/2005/dsa-664",
"https://access.redhat.com/errata/RHSA-2005:806",
"https://access.redhat.com/errata/RHSA-2005:080",
"https://access.redhat.com/errata/RHSA-2005:073"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-1999-1572"
],
"details": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"id": "GSD-1999-1572",
"modified": "2023-12-13T01:22:57.751163Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050204 [USN-75-1] cpio vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"name": "RHSA-2005:073",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "cpio-o-archive-insecure-permissions(19167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"name": "17063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17063"
},
{
"name": "17532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17532"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"name": "RHSA-2005:080",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"name": "oval:org.mitre.oval:def:10888",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
},
{
"name": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391",
"refsource": "MISC",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"name": "14357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14357"
},
{
"name": "MDKSA-2005:032",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"name": "DSA-664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"name": "RHSA-2005:806",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:cs3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:cs2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1572"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391"
},
{
"name": "DSA-664",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2005/dsa-664"
},
{
"name": "RHSA-2005:073",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2005-073.html"
},
{
"name": "RHSA-2005:080",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2005-080.html"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-212.pdf"
},
{
"name": "RHSA-2005:806",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"name": "14357",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/14357"
},
{
"name": "17063",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17063"
},
{
"name": "17532",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17532"
},
{
"name": "MDKSA-2005:032",
"refsource": "MANDRAKE",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:032"
},
{
"name": "20050204 [USN-75-1] cpio vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=110763404701519\u0026w=2"
},
{
"name": "cpio-o-archive-insecure-permissions(19167)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19167"
},
{
"name": "oval:org.mitre.oval:def:10888",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-19T01:29Z",
"publishedDate": "1996-07-16T04:00Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.