CVE-2005-1111

Name	CVE-2005-1111
Description	Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-846-1
Debian Bugs	305372

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
cpio (PTS)	bullseye	2.13+dfsg-7.1~deb11u1	fixed
	bookworm	2.13+dfsg-7.1	fixed
	forky, sid, trixie	2.15+dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
cpio	source	woody	2.4.2-39woody2		DSA-846-1
cpio	source	sarge	2.5-1.3		DSA-846-1
cpio	source	(unstable)	2.6-6	low		305372