Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-1999-1572

Published: Jul 16, 1996 | Modified: Oct 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-1999-1572
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Affected Software

Name Vendor Start Version End Version
Debian_linux Debian 3.0 (including) 3.0 (including)
Freebsd Freebsd 2.1.0 (including) 2.1.0 (including)
Mandrake_linux Mandrakesoft 9.2 (including) 9.2 (including)
Mandrake_linux Mandrakesoft 10.0 (including) 10.0 (including)
Mandrake_linux Mandrakesoft 10.1 (including) 10.1 (including)
Mandrake_linux Mandrakesoft cs2.1 (including) cs2.1 (including)
Mandrake_linux Mandrakesoft cs3.0 (including) cs3.0 (including)
Enterprise_linux Redhat 4.0 (including) 4.0 (including)
Enterprise_linux_desktop Redhat 4.0 (including) 4.0 (including)
Ubuntu_linux Ubuntu 4.10 (including) 4.10 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use