Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2005-1111 (GCVE-0-2005-1111)
Vulnerability from cvelistv5 – Published: 2005-04-16 04:00 – Updated: 2024-08-07 21:35
VLAI
EPSS
Summary
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2005-04-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050413 cpio TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"name": "17532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17532"
},
{
"name": "SCOSA-2006.2",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"name": "FreeBSD-SA-06:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"name": "17123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17123"
},
{
"name": "15725",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15725"
},
{
"name": "RHSA-2005:378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"name": "16998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16998"
},
{
"name": "13159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13159"
},
{
"name": "DSA-846",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"name": "USN-189-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20117"
},
{
"name": "oval:org.mitre.oval:def:9783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"name": "oval:org.mitre.oval:def:358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"name": "RHSA-2005:806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"name": "SCOSA-2005.32",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"name": "18395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18395"
},
{
"name": "18290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050413 cpio TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"name": "17532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17532"
},
{
"name": "SCOSA-2006.2",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"name": "FreeBSD-SA-06:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"name": "17123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17123"
},
{
"name": "15725",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15725"
},
{
"name": "RHSA-2005:378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"name": "16998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16998"
},
{
"name": "13159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13159"
},
{
"name": "DSA-846",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"name": "USN-189-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20117"
},
{
"name": "oval:org.mitre.oval:def:9783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"name": "oval:org.mitre.oval:def:358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"name": "RHSA-2005:806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"name": "SCOSA-2005.32",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"name": "18395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18395"
},
{
"name": "18290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050413 cpio TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"name": "17532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17532"
},
{
"name": "SCOSA-2006.2",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"name": "FreeBSD-SA-06:03",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"name": "17123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17123"
},
{
"name": "15725",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15725"
},
{
"name": "RHSA-2005:378",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"name": "16998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16998"
},
{
"name": "13159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13159"
},
{
"name": "DSA-846",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"name": "USN-189-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "oval:org.mitre.oval:def:9783",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"name": "oval:org.mitre.oval:def:358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"name": "RHSA-2005:806",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"name": "SCOSA-2005.32",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"name": "18395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18395"
},
{
"name": "18290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1111",
"datePublished": "2005-04-16T04:00:00.000Z",
"dateReserved": "2005-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2005-1111",
"date": "2026-06-01",
"epss": "0.00093",
"percentile": "0.25976"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.6\", \"matchCriteriaId\": \"3CAD60D3-330A-427B-B2DC-59CF390DAF9D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"778A6957-455B-420A-BAAF-E7F88FF4FB1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42E47538-08EE-4DC1-AC17-883C44CF77BB\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.\"}]",
"id": "CVE-2005-1111",
"lastModified": "2024-11-20T23:56:38.053",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 3.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2005-05-02T04:00:00.000",
"references": "[{\"url\": \"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://secunia.com/advisories/16998\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/17123\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/17532\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/18290\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/18395\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/20117\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.debian.org/security/2005/dsa-846\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/15725\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-378.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-806.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/13159\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-189-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://secunia.com/advisories/16998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/17123\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/17532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/18290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/18395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/20117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.debian.org/security/2005/dsa-846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.osvdb.org/15725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-378.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-806.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/13159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/usn-189-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\", \"lastModified\": \"2007-03-14T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}, {\"lang\": \"en\", \"value\": \"CWE-367\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2005-1111\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-05-02T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":3.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"},{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6\",\"matchCriteriaId\":\"3CAD60D3-330A-427B-B2DC-59CF390DAF9D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778A6957-455B-420A-BAAF-E7F88FF4FB1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42E47538-08EE-4DC1-AC17-883C44CF77BB\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/16998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/17123\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/17532\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/18290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/18395\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/20117\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-846\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/15725\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-378.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-806.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/13159\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-189-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/16998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/17123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/17532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/18290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/18395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/20117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/15725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-378.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-806.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/13159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-189-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\",\"lastModified\":\"2007-03-14T00:00:00\"}]}}"
}
}
FKIE_CVE-2005-1111
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2026-04-16 00:27
Severity
Summary
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | cpio | * | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.1 | |
| canonical | ubuntu_linux | 4.10 | |
| canonical | ubuntu_linux | 5.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAD60D3-330A-427B-B2DC-59CF390DAF9D",
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "42E47538-08EE-4DC1-AC17-883C44CF77BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete."
}
],
"id": "CVE-2005-1111",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/16998"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17123"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17532"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18290"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18395"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/20117"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/15725"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/13159"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/16998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/20117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/15725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/13159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
},
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FG93-983G-7P2V
Vulnerability from github – Published: 2022-05-03 03:14 – Updated: 2022-05-03 03:14
VLAI
Details
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
{
"affected": [],
"aliases": [
"CVE-2005-1111"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-05-02T04:00:00Z",
"severity": "LOW"
},
"details": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"id": "GHSA-fg93-983g-7p2v",
"modified": "2022-05-03T03:14:06Z",
"published": "2022-05-03T03:14:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"type": "WEB",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/16998"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17123"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17532"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18290"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/18395"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20117"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/15725"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/13159"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-189-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2005-1111
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2005-1111",
"description": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"id": "GSD-2005-1111",
"references": [
"https://www.suse.com/security/cve/CVE-2005-1111.html",
"https://www.debian.org/security/2005/dsa-846",
"https://access.redhat.com/errata/RHSA-2005:806",
"https://access.redhat.com/errata/RHSA-2005:378"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2005-1111"
],
"details": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"id": "GSD-2005-1111",
"modified": "2023-12-13T01:20:11.930042Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050413 cpio TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"name": "17532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17532"
},
{
"name": "SCOSA-2006.2",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"name": "FreeBSD-SA-06:03",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"name": "17123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17123"
},
{
"name": "15725",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15725"
},
{
"name": "RHSA-2005:378",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"name": "16998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16998"
},
{
"name": "13159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13159"
},
{
"name": "DSA-846",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"name": "USN-189-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "oval:org.mitre.oval:def:9783",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
},
{
"name": "oval:org.mitre.oval:def:358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"name": "RHSA-2005:806",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"name": "SCOSA-2005.32",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"name": "18395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18395"
},
{
"name": "18290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18290"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAD60D3-330A-427B-B2DC-59CF390DAF9D",
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "778A6957-455B-420A-BAAF-E7F88FF4FB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*",
"matchCriteriaId": "42E47538-08EE-4DC1-AC17-883C44CF77BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete."
}
],
"id": "CVE-2005-1111",
"lastModified": "2024-01-26T17:07:14.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111342664116120\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/16998"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17123"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/17532"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18290"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/18395"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/20117"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-846"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/15725"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-378.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-806.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/13159"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-189-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
},
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
RHSA-2005:378
Vulnerability from csaf_redhat - Published: 2005-07-21 18:12 - Updated: 2025-11-21 17:28Summary
Red Hat Security Advisory: cpio security update
Severity
Low
Notes
Topic: An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details: GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1111 to this issue.
Additionally, this update adds cpio support for archives larger than 2GB.
However, the size of individual files within an archive is limited to 4GB.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-1111 to this issue.\n\nAdditionally, this update adds cpio support for archives larger than 2GB.\nHowever, the size of individual files within an archive is limited to 4GB.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:378",
"url": "https://access.redhat.com/errata/RHSA-2005:378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "105617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=105617"
},
{
"category": "external",
"summary": "144688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=144688"
},
{
"category": "external",
"summary": "154507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=154507"
},
{
"category": "external",
"summary": "155749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=155749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_378.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2025-11-21T17:28:58+00:00",
"generator": {
"date": "2025-11-21T17:28:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2005:378",
"initial_release_date": "2005-07-21T18:12:00+00:00",
"revision_history": [
{
"date": "2005-07-21T18:12:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-07-21T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:28:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.ia64",
"product": {
"name": "cpio-0:2.5-4.RHEL3.ia64",
"product_id": "cpio-0:2.5-4.RHEL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.ia64",
"product": {
"name": "cpio-0:2.5-8.RHEL4.ia64",
"product_id": "cpio-0:2.5-8.RHEL4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.x86_64",
"product": {
"name": "cpio-0:2.5-4.RHEL3.x86_64",
"product_id": "cpio-0:2.5-4.RHEL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.x86_64",
"product": {
"name": "cpio-0:2.5-8.RHEL4.x86_64",
"product_id": "cpio-0:2.5-8.RHEL4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.i386",
"product": {
"name": "cpio-0:2.5-4.RHEL3.i386",
"product_id": "cpio-0:2.5-4.RHEL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.i386",
"product": {
"name": "cpio-0:2.5-8.RHEL4.i386",
"product_id": "cpio-0:2.5-8.RHEL4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.src",
"product": {
"name": "cpio-0:2.5-4.RHEL3.src",
"product_id": "cpio-0:2.5-4.RHEL3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=src"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.src",
"product": {
"name": "cpio-0:2.5-8.RHEL4.src",
"product_id": "cpio-0:2.5-8.RHEL4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.ppc",
"product": {
"name": "cpio-0:2.5-4.RHEL3.ppc",
"product_id": "cpio-0:2.5-4.RHEL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.ppc",
"product": {
"name": "cpio-0:2.5-8.RHEL4.ppc",
"product_id": "cpio-0:2.5-8.RHEL4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.s390x",
"product": {
"name": "cpio-0:2.5-4.RHEL3.s390x",
"product_id": "cpio-0:2.5-4.RHEL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.s390x",
"product": {
"name": "cpio-0:2.5-8.RHEL4.s390x",
"product_id": "cpio-0:2.5-8.RHEL4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.s390",
"product": {
"name": "cpio-0:2.5-4.RHEL3.s390",
"product_id": "cpio-0:2.5-4.RHEL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.s390",
"product": {
"name": "cpio-0:2.5-8.RHEL4.s390",
"product_id": "cpio-0:2.5-8.RHEL4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:cpio-0:2.5-4.RHEL3.i386",
"3AS:cpio-0:2.5-4.RHEL3.ia64",
"3AS:cpio-0:2.5-4.RHEL3.ppc",
"3AS:cpio-0:2.5-4.RHEL3.s390",
"3AS:cpio-0:2.5-4.RHEL3.s390x",
"3AS:cpio-0:2.5-4.RHEL3.src",
"3AS:cpio-0:2.5-4.RHEL3.x86_64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-0:2.5-4.RHEL3.src",
"3Desktop:cpio-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-0:2.5-4.RHEL3.i386",
"3ES:cpio-0:2.5-4.RHEL3.ia64",
"3ES:cpio-0:2.5-4.RHEL3.ppc",
"3ES:cpio-0:2.5-4.RHEL3.s390",
"3ES:cpio-0:2.5-4.RHEL3.s390x",
"3ES:cpio-0:2.5-4.RHEL3.src",
"3ES:cpio-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-0:2.5-4.RHEL3.i386",
"3WS:cpio-0:2.5-4.RHEL3.ia64",
"3WS:cpio-0:2.5-4.RHEL3.ppc",
"3WS:cpio-0:2.5-4.RHEL3.s390",
"3WS:cpio-0:2.5-4.RHEL3.s390x",
"3WS:cpio-0:2.5-4.RHEL3.src",
"3WS:cpio-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"4AS:cpio-0:2.5-8.RHEL4.i386",
"4AS:cpio-0:2.5-8.RHEL4.ia64",
"4AS:cpio-0:2.5-8.RHEL4.ppc",
"4AS:cpio-0:2.5-8.RHEL4.s390",
"4AS:cpio-0:2.5-8.RHEL4.s390x",
"4AS:cpio-0:2.5-8.RHEL4.src",
"4AS:cpio-0:2.5-8.RHEL4.x86_64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-0:2.5-8.RHEL4.src",
"4Desktop:cpio-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-0:2.5-8.RHEL4.i386",
"4ES:cpio-0:2.5-8.RHEL4.ia64",
"4ES:cpio-0:2.5-8.RHEL4.ppc",
"4ES:cpio-0:2.5-8.RHEL4.s390",
"4ES:cpio-0:2.5-8.RHEL4.s390x",
"4ES:cpio-0:2.5-8.RHEL4.src",
"4ES:cpio-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-0:2.5-8.RHEL4.i386",
"4WS:cpio-0:2.5-8.RHEL4.ia64",
"4WS:cpio-0:2.5-8.RHEL4.ppc",
"4WS:cpio-0:2.5-8.RHEL4.s390",
"4WS:cpio-0:2.5-8.RHEL4.s390x",
"4WS:cpio-0:2.5-8.RHEL4.src",
"4WS:cpio-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-07-21T18:12:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:cpio-0:2.5-4.RHEL3.i386",
"3AS:cpio-0:2.5-4.RHEL3.ia64",
"3AS:cpio-0:2.5-4.RHEL3.ppc",
"3AS:cpio-0:2.5-4.RHEL3.s390",
"3AS:cpio-0:2.5-4.RHEL3.s390x",
"3AS:cpio-0:2.5-4.RHEL3.src",
"3AS:cpio-0:2.5-4.RHEL3.x86_64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-0:2.5-4.RHEL3.src",
"3Desktop:cpio-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-0:2.5-4.RHEL3.i386",
"3ES:cpio-0:2.5-4.RHEL3.ia64",
"3ES:cpio-0:2.5-4.RHEL3.ppc",
"3ES:cpio-0:2.5-4.RHEL3.s390",
"3ES:cpio-0:2.5-4.RHEL3.s390x",
"3ES:cpio-0:2.5-4.RHEL3.src",
"3ES:cpio-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-0:2.5-4.RHEL3.i386",
"3WS:cpio-0:2.5-4.RHEL3.ia64",
"3WS:cpio-0:2.5-4.RHEL3.ppc",
"3WS:cpio-0:2.5-4.RHEL3.s390",
"3WS:cpio-0:2.5-4.RHEL3.s390x",
"3WS:cpio-0:2.5-4.RHEL3.src",
"3WS:cpio-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"4AS:cpio-0:2.5-8.RHEL4.i386",
"4AS:cpio-0:2.5-8.RHEL4.ia64",
"4AS:cpio-0:2.5-8.RHEL4.ppc",
"4AS:cpio-0:2.5-8.RHEL4.s390",
"4AS:cpio-0:2.5-8.RHEL4.s390x",
"4AS:cpio-0:2.5-8.RHEL4.src",
"4AS:cpio-0:2.5-8.RHEL4.x86_64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-0:2.5-8.RHEL4.src",
"4Desktop:cpio-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-0:2.5-8.RHEL4.i386",
"4ES:cpio-0:2.5-8.RHEL4.ia64",
"4ES:cpio-0:2.5-8.RHEL4.ppc",
"4ES:cpio-0:2.5-8.RHEL4.s390",
"4ES:cpio-0:2.5-8.RHEL4.s390x",
"4ES:cpio-0:2.5-8.RHEL4.src",
"4ES:cpio-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-0:2.5-8.RHEL4.i386",
"4WS:cpio-0:2.5-8.RHEL4.ia64",
"4WS:cpio-0:2.5-8.RHEL4.ppc",
"4WS:cpio-0:2.5-8.RHEL4.s390",
"4WS:cpio-0:2.5-8.RHEL4.s390x",
"4WS:cpio-0:2.5-8.RHEL4.src",
"4WS:cpio-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:378"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2005:806
Vulnerability from csaf_redhat - Published: 2005-11-10 19:01 - Updated: 2025-11-21 17:29Summary
Red Hat Security Advisory: cpio security update
Severity
Low
Notes
Topic: An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details: GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-1111 to this issue.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all users can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux ES version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::es
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux WS version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::ws
|
— |
Vendor Fix
fix
|
|
Red Hat Linux Advanced Workstation 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::aw
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux ES version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::es
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux WS version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::ws
|
— |
Vendor Fix
fix
|
|
Red Hat Linux Advanced Workstation 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::aw
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
13 references
Acknowledgments
Mike O'Connor
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCVE-2005-1111 to this issue.\n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all users can\nread and write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCVE-1999-1572 to this issue.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:806",
"url": "https://access.redhat.com/errata/RHSA-2005:806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "169760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169760"
},
{
"category": "external",
"summary": "172191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172191"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_806.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2025-11-21T17:29:40+00:00",
"generator": {
"date": "2025-11-21T17:29:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2005:806",
"initial_release_date": "2005-11-10T19:01:00+00:00",
"revision_history": [
{
"date": "2005-11-10T19:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-11-10T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:29:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2005_378
Vulnerability from csaf_redhat - Published: 2005-07-21 18:12 - Updated: 2024-11-21 23:41Summary
Red Hat Security Advisory: cpio security update
Severity
Low
Notes
Topic: An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details: GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1111 to this issue.
Additionally, this update adds cpio support for archives larger than 2GB.
However, the size of individual files within an archive is limited to 4GB.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected products
Fixed
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2005-1111 to this issue.\n\nAdditionally, this update adds cpio support for archives larger than 2GB.\nHowever, the size of individual files within an archive is limited to 4GB.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:378",
"url": "https://access.redhat.com/errata/RHSA-2005:378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "105617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=105617"
},
{
"category": "external",
"summary": "144688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=144688"
},
{
"category": "external",
"summary": "154507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=154507"
},
{
"category": "external",
"summary": "155749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=155749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_378.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:41:14+00:00",
"generator": {
"date": "2024-11-21T23:41:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:378",
"initial_release_date": "2005-07-21T18:12:00+00:00",
"revision_history": [
{
"date": "2005-07-21T18:12:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-07-21T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:41:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.ia64",
"product": {
"name": "cpio-0:2.5-4.RHEL3.ia64",
"product_id": "cpio-0:2.5-4.RHEL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.ia64",
"product": {
"name": "cpio-0:2.5-8.RHEL4.ia64",
"product_id": "cpio-0:2.5-8.RHEL4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.x86_64",
"product": {
"name": "cpio-0:2.5-4.RHEL3.x86_64",
"product_id": "cpio-0:2.5-4.RHEL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.x86_64",
"product": {
"name": "cpio-0:2.5-8.RHEL4.x86_64",
"product_id": "cpio-0:2.5-8.RHEL4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.i386",
"product": {
"name": "cpio-0:2.5-4.RHEL3.i386",
"product_id": "cpio-0:2.5-4.RHEL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.i386",
"product": {
"name": "cpio-0:2.5-8.RHEL4.i386",
"product_id": "cpio-0:2.5-8.RHEL4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.src",
"product": {
"name": "cpio-0:2.5-4.RHEL3.src",
"product_id": "cpio-0:2.5-4.RHEL3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=src"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.src",
"product": {
"name": "cpio-0:2.5-8.RHEL4.src",
"product_id": "cpio-0:2.5-8.RHEL4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.ppc",
"product": {
"name": "cpio-0:2.5-4.RHEL3.ppc",
"product_id": "cpio-0:2.5-4.RHEL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.ppc",
"product": {
"name": "cpio-0:2.5-8.RHEL4.ppc",
"product_id": "cpio-0:2.5-8.RHEL4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.s390x",
"product": {
"name": "cpio-0:2.5-4.RHEL3.s390x",
"product_id": "cpio-0:2.5-4.RHEL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.s390x",
"product": {
"name": "cpio-0:2.5-8.RHEL4.s390x",
"product_id": "cpio-0:2.5-8.RHEL4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product_id": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-4.RHEL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-4.RHEL3.s390",
"product": {
"name": "cpio-0:2.5-4.RHEL3.s390",
"product_id": "cpio-0:2.5-4.RHEL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-4.RHEL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product_id": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio-debuginfo@2.5-8.RHEL4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cpio-0:2.5-8.RHEL4.s390",
"product": {
"name": "cpio-0:2.5-8.RHEL4.s390",
"product_id": "cpio-0:2.5-8.RHEL4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cpio@2.5-8.RHEL4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.src"
},
"product_reference": "cpio-0:2.5-4.RHEL3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.src"
},
"product_reference": "cpio-0:2.5-8.RHEL4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
},
"product_reference": "cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:cpio-0:2.5-4.RHEL3.i386",
"3AS:cpio-0:2.5-4.RHEL3.ia64",
"3AS:cpio-0:2.5-4.RHEL3.ppc",
"3AS:cpio-0:2.5-4.RHEL3.s390",
"3AS:cpio-0:2.5-4.RHEL3.s390x",
"3AS:cpio-0:2.5-4.RHEL3.src",
"3AS:cpio-0:2.5-4.RHEL3.x86_64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-0:2.5-4.RHEL3.src",
"3Desktop:cpio-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-0:2.5-4.RHEL3.i386",
"3ES:cpio-0:2.5-4.RHEL3.ia64",
"3ES:cpio-0:2.5-4.RHEL3.ppc",
"3ES:cpio-0:2.5-4.RHEL3.s390",
"3ES:cpio-0:2.5-4.RHEL3.s390x",
"3ES:cpio-0:2.5-4.RHEL3.src",
"3ES:cpio-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-0:2.5-4.RHEL3.i386",
"3WS:cpio-0:2.5-4.RHEL3.ia64",
"3WS:cpio-0:2.5-4.RHEL3.ppc",
"3WS:cpio-0:2.5-4.RHEL3.s390",
"3WS:cpio-0:2.5-4.RHEL3.s390x",
"3WS:cpio-0:2.5-4.RHEL3.src",
"3WS:cpio-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"4AS:cpio-0:2.5-8.RHEL4.i386",
"4AS:cpio-0:2.5-8.RHEL4.ia64",
"4AS:cpio-0:2.5-8.RHEL4.ppc",
"4AS:cpio-0:2.5-8.RHEL4.s390",
"4AS:cpio-0:2.5-8.RHEL4.s390x",
"4AS:cpio-0:2.5-8.RHEL4.src",
"4AS:cpio-0:2.5-8.RHEL4.x86_64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-0:2.5-8.RHEL4.src",
"4Desktop:cpio-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-0:2.5-8.RHEL4.i386",
"4ES:cpio-0:2.5-8.RHEL4.ia64",
"4ES:cpio-0:2.5-8.RHEL4.ppc",
"4ES:cpio-0:2.5-8.RHEL4.s390",
"4ES:cpio-0:2.5-8.RHEL4.s390x",
"4ES:cpio-0:2.5-8.RHEL4.src",
"4ES:cpio-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-0:2.5-8.RHEL4.i386",
"4WS:cpio-0:2.5-8.RHEL4.ia64",
"4WS:cpio-0:2.5-8.RHEL4.ppc",
"4WS:cpio-0:2.5-8.RHEL4.s390",
"4WS:cpio-0:2.5-8.RHEL4.s390x",
"4WS:cpio-0:2.5-8.RHEL4.src",
"4WS:cpio-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-07-21T18:12:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:cpio-0:2.5-4.RHEL3.i386",
"3AS:cpio-0:2.5-4.RHEL3.ia64",
"3AS:cpio-0:2.5-4.RHEL3.ppc",
"3AS:cpio-0:2.5-4.RHEL3.s390",
"3AS:cpio-0:2.5-4.RHEL3.s390x",
"3AS:cpio-0:2.5-4.RHEL3.src",
"3AS:cpio-0:2.5-4.RHEL3.x86_64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3AS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-0:2.5-4.RHEL3.src",
"3Desktop:cpio-0:2.5-4.RHEL3.x86_64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3Desktop:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-0:2.5-4.RHEL3.i386",
"3ES:cpio-0:2.5-4.RHEL3.ia64",
"3ES:cpio-0:2.5-4.RHEL3.ppc",
"3ES:cpio-0:2.5-4.RHEL3.s390",
"3ES:cpio-0:2.5-4.RHEL3.s390x",
"3ES:cpio-0:2.5-4.RHEL3.src",
"3ES:cpio-0:2.5-4.RHEL3.x86_64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3ES:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-0:2.5-4.RHEL3.i386",
"3WS:cpio-0:2.5-4.RHEL3.ia64",
"3WS:cpio-0:2.5-4.RHEL3.ppc",
"3WS:cpio-0:2.5-4.RHEL3.s390",
"3WS:cpio-0:2.5-4.RHEL3.s390x",
"3WS:cpio-0:2.5-4.RHEL3.src",
"3WS:cpio-0:2.5-4.RHEL3.x86_64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.i386",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ia64",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.ppc",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.s390x",
"3WS:cpio-debuginfo-0:2.5-4.RHEL3.x86_64",
"4AS:cpio-0:2.5-8.RHEL4.i386",
"4AS:cpio-0:2.5-8.RHEL4.ia64",
"4AS:cpio-0:2.5-8.RHEL4.ppc",
"4AS:cpio-0:2.5-8.RHEL4.s390",
"4AS:cpio-0:2.5-8.RHEL4.s390x",
"4AS:cpio-0:2.5-8.RHEL4.src",
"4AS:cpio-0:2.5-8.RHEL4.x86_64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4AS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-0:2.5-8.RHEL4.src",
"4Desktop:cpio-0:2.5-8.RHEL4.x86_64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4Desktop:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-0:2.5-8.RHEL4.i386",
"4ES:cpio-0:2.5-8.RHEL4.ia64",
"4ES:cpio-0:2.5-8.RHEL4.ppc",
"4ES:cpio-0:2.5-8.RHEL4.s390",
"4ES:cpio-0:2.5-8.RHEL4.s390x",
"4ES:cpio-0:2.5-8.RHEL4.src",
"4ES:cpio-0:2.5-8.RHEL4.x86_64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4ES:cpio-debuginfo-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-0:2.5-8.RHEL4.i386",
"4WS:cpio-0:2.5-8.RHEL4.ia64",
"4WS:cpio-0:2.5-8.RHEL4.ppc",
"4WS:cpio-0:2.5-8.RHEL4.s390",
"4WS:cpio-0:2.5-8.RHEL4.s390x",
"4WS:cpio-0:2.5-8.RHEL4.src",
"4WS:cpio-0:2.5-8.RHEL4.x86_64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.i386",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ia64",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.ppc",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.s390x",
"4WS:cpio-debuginfo-0:2.5-8.RHEL4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:378"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
RHSA-2005_806
Vulnerability from csaf_redhat - Published: 2005-11-10 19:01 - Updated: 2024-11-21 23:41Summary
Red Hat Security Advisory: cpio security update
Severity
Low
Notes
Topic: An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details: GNU cpio copies files into or out of a cpio or tar archive.
A race condition bug was found in cpio. It is possible for a local
malicious user to modify the permissions of a local file if they have write
access to a directory in which a cpio archive is being extracted. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2005-1111 to this issue.
It was discovered that cpio uses a 0 umask when creating files using the -O
(archive) option. This creates output files with mode 0666 (all users can
read and write) regardless of the user's umask setting. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-1999-1572 to this issue.
All users of cpio are advised to upgrade to this updated package, which
contains backported fixes for these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux ES version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::es
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux WS version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::ws
|
— |
Vendor Fix
fix
|
|
Red Hat Linux Advanced Workstation 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::aw
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::as
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux ES version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::es
|
— |
Vendor Fix
fix
|
|
Red Hat Enterprise Linux WS version 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::ws
|
— |
Vendor Fix
fix
|
|
Red Hat Linux Advanced Workstation 2.1
Red Hat / Red Hat Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:2.1::aw
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
13 references
Acknowledgments
Mike O'Connor
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated cpio package that fixes multiple issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "GNU cpio copies files into or out of a cpio or tar archive. \n\nA race condition bug was found in cpio. It is possible for a local\nmalicious user to modify the permissions of a local file if they have write\naccess to a directory in which a cpio archive is being extracted. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCVE-2005-1111 to this issue.\n\nIt was discovered that cpio uses a 0 umask when creating files using the -O\n(archive) option. This creates output files with mode 0666 (all users can\nread and write) regardless of the user\u0027s umask setting. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCVE-1999-1572 to this issue.\n\nAll users of cpio are advised to upgrade to this updated package, which\ncontains backported fixes for these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:806",
"url": "https://access.redhat.com/errata/RHSA-2005:806"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "169760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=169760"
},
{
"category": "external",
"summary": "172191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=172191"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_806.json"
}
],
"title": "Red Hat Security Advisory: cpio security update",
"tracking": {
"current_release_date": "2024-11-21T23:41:19+00:00",
"generator": {
"date": "2024-11-21T23:41:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2005:806",
"initial_release_date": "2005-11-10T19:01:00+00:00",
"revision_history": [
{
"date": "2005-11-10T19:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-11-10T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T23:41:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product": {
"name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux Advanced Workstation 2.1",
"product": {
"name": "Red Hat Linux Advanced Workstation 2.1",
"product_id": "Red Hat Linux Advanced Workstation 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 2.1",
"product": {
"name": "Red Hat Enterprise Linux ES version 2.1",
"product_id": "Red Hat Enterprise Linux ES version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 2.1",
"product": {
"name": "Red Hat Enterprise Linux WS version 2.1",
"product_id": "Red Hat Enterprise Linux WS version 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mike O\u0027Connor"
]
}
],
"cve": "CVE-1999-1572",
"discovery_date": "2005-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616458"
}
],
"notes": [
{
"category": "description",
"text": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-1999-1572"
},
{
"category": "external",
"summary": "RHBZ#1616458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-1999-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-1572"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572",
"url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1572"
}
],
"release_date": "1996-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-1111",
"discovery_date": "2005-04-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617604"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-1111"
},
{
"category": "external",
"summary": "RHBZ#1617604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617604"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-1111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1111"
}
],
"release_date": "2005-04-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-11-10T19:01:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
"Red Hat Enterprise Linux ES version 2.1",
"Red Hat Enterprise Linux WS version 2.1",
"Red Hat Linux Advanced Workstation 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:806"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…