Launchpad CVE tracker

CVE 2005-1229

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

Related bugs and status

CVE-2005-1229 (Candidate) is related to these bugs:

Bug #19824: cpio: allows extracting insecure pathnames (leading slash = / and dotdot = ..)

Summary				In	Importance	Status
	19824	cpio: allows extracting insecure pathnames (leading slash = / and dotdot = ..)		cpio (Ubuntu)	High	Fix Released
	19824	cpio: allows extracting insecure pathnames (leading slash = / and dotdot = ..)		cpio (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

SCO: SCOSA-2005.32
UBUNTU: USN-189-1
DEBIAN: DSA-846
SCO: SCOSA-2006.2
SECUNIA: 18290
FREEBSD: FreeBSD-SA-06:03
BID: 13291
OSVDB: 17939
SECUNIA: 18395
SECUNIA: 17123
SECUNIA: 16998
SUSE: SUSE-SR:2006:010
SECUNIA: 20117
MANDRIVA: MDKSA-2007:233
SECUNIA: 27857
BUGTRAQ: 20050420 cpio director...
XF: cpio-directory-travers...

Launchpad.net

CVE 2005-1229

Related bugs and status

Related bugs

References