Description
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Product(s):
- Debian Debian Linux 3.0
- FreeBSD 2.1.0
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.1
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux CS2.1
- MandrakeSoft Mandrake Linux CS3.0
- Red Hat Enterprise Linux 4.0 Advanced Server
- Red Hat Enterprise Linux 4.0 Enterprise Server
- Red Hat Enterprise Linux 4.0 Workstation
- Red Hat Desktop 4.0
- Ubuntu Linux 4.10
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1572, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1572 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.