Read Time:23 Second
Posted by Georgi Guninski on Jan 08
cpio privilege escalation vulnerability via setuid files in cpio archive
Happy New Year, let in 2024 happiness be with you! 🙂
When extracting archives cpio (at least version 2.13) preserves
the setuid flag, which might lead to privilege escalation.
One example is r00t extracts to /tmp/ and scidiot runs /tmp/micq/backd00r
without further interaction from root.
We believe this is vulnerability, since directory traversal in cpio
is considered…