Vulnerabilities > CVE-1999-1572

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. Fixed in rev 1.3 of cpio/main.c.

Vulnerable Configurations

Part	Description	Count
OS	Debian Debian Debian Linux 3.0	1
OS	Freebsd Freebsd Freebsd 2.1.0	1
OS	Mandrakesoft Mandrakesoft Mandrake Linux 9.2 Mandrakesoft Mandrake Linux 10.0 Mandrakesoft Mandrake Linux 10.1 Mandrakesoft Mandrake Linux Cs2.1 Mandrakesoft Mandrake Linux Cs3.0	5
OS	Redhat Redhat Enterprise Linux 4.0 Redhat Enterprise Linux Desktop 4.0	4
OS	Ubuntu Ubuntu Ubuntu Linux 4.10	1

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-073.NASL
description	An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team GNU cpio copies files into or out of a cpio or tar archive. It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user
last seen	2020-06-01
modified	2020-06-02
plugin id	17181
published	2005-02-22
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17181
title	RHEL 4 : cpio (RHSA-2005:073)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:073. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17181); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-1999-1572", "CVE-2005-0085"); script_xref(name:"RHSA", value:"2005:073"); script_name(english:"RHEL 4 : cpio (RHSA-2005:073)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team GNU cpio copies files into or out of a cpio or tar archive. It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-1572 to this issue. Users of cpio should upgrade to this updated package, which resolves this issue. Red Hat would like to thank Mike O'Connor for bringing this issue to our attention." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-1999-1572" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:073" ); script_set_attribute(attribute:"solution", value:"Update the affected cpio package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cpio"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"1996/07/16"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:073"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"cpio-2.5-7.EL4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cpio"); } }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-080.NASL
description	An updated cpio package that fixes a umask bug and supports large files (>2GB) is now available. This update has been rated as having low security impact by the Red Hat Security Response Team GNU cpio copies files into or out of a cpio or tar archive. It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user
last seen	2020-06-01
modified	2020-06-02
plugin id	17146
published	2005-02-18
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17146
title	RHEL 3 : cpio (RHSA-2005:080)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-664.NASL
description	It has been discovered, that cpio, a program to manage archives of files, creates output files with -O and -F with broken permissions due to a reset zero umask which allows local users to read or overwrite those files.
last seen	2020-06-01
modified	2020-06-02
plugin id	16300
published	2005-02-03
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16300
title	Debian DSA-664-1 : cpio - broken file permissions

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-032.NASL
description	A vulnerability in cpio was discovered where cpio would create world- writeable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user. Update : The updated cpio packages for 10.1, while they would install with urpmi on the commandline, would not install via rpmdrake. The updated packages correct that.
last seen	2020-06-01
modified	2020-06-02
plugin id	16375
published	2005-02-11
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16375
title	Mandrake Linux Security Advisory : cpio (MDKSA-2005:032-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-806.NASL
description	An updated cpio package that fixes multiple issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or tar archive. A race condition bug was found in cpio. It is possible for a local malicious user to modify the permissions of a local file if they have write access to a directory in which a cpio archive is being extracted. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-1111 to this issue. It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all users can read and write) regardless of the user
last seen	2020-06-01
modified	2020-06-02
plugin id	20204
published	2005-11-15
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20204
title	RHEL 2.1 : cpio (RHSA-2005:806)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-75-1.NASL
description	Recently it was discovered that cpio created world-writeable files when used in -o/--create mode with giving an output file (with -O). This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed in a very old version of cpio, but the fix was never ported to the current version. Therefore the CAN number was assigned to the year 1999. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20697
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20697
title	Ubuntu 4.10 : cpio vulnerability (USN-75-1)

Oval

accepted

2013-04-29T04:09:43.356-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10888

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2005:073
rhsa
id RHSA-2005:080
rhsa
id RHSA-2005:806

rpms

cpio-0:2.5-7.EL4.1
cpio-debuginfo-0:2.5-7.EL4.1
cpio-0:2.5-3e.3
cpio-debuginfo-0:2.5-3e.3

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Vulnerabilities > CVE-1999-1572 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-1999-1572"}]}

Summary