Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00075Percentile:
0.23234
CVSS Scoring
CVSS v3.1 Score: 4.7
Severity: MEDIUM
Mapped CWE(s)
CWE-367
: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-59
: Improper Link Resolution Before File Access ('Link Following')
All CAPEC(s)
CAPEC-132 : Symlink Attack
CAPEC-17 : Using Malicious Files
CAPEC-27 : Leveraging Race Conditions via Symbolic Links
CAPEC-29 : Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-35 : Leverage Executable Code in Non-Executable Files
CAPEC-76 : Manipulating Web Input to File System Calls
CAPEC(s) with Mapped TTPs
CAPEC-132 : Symlink Attack
Mapped TTPs:
CAPEC-17 : Using Malicious Files
Mapped TTPs:
T1574.005
: Executable Installer File Permissions Weakness
T1574.010
: Services File Permissions Weakness
CAPEC-35 : Leverage Executable Code in Non-Executable Files
Mapped TTPs:
Mapped ATT&CK TTPs
T1547.009
: Shortcut Modification
Kill Chain: persistence
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1027.006
: HTML Smuggling
Kill Chain: defense-evasion
T1027.009
: Embedded Payloads
Kill Chain: defense-evasion
T1564.009
: Resource Forking
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me