CVE-1999-1572

EPSS 0.14%

cpio - broken file permissions

Published: 7/16/1996Modified: 4/28/2026

Description

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Affected packages (2)

Debian/cpiofrom 0, < 2.5-1.2
Debian/cpiofrom 0, < 2.4.2-39woody1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-1999-1572