Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: USN-650-1: cpio vulnerability
Special Forums Cybersecurity Security Advisories (RSS) USN-650-1: cpio vulnerability Post 302242739 by Linux Bot on Thursday 2nd of October 2008 06:30:01 PM
Old 10-02-2008
USN-650-1: cpio vulnerability
Referenced CVEs:
CVE-2007-4476


Description:
Code:
===========================================================Ubuntu Security Notice USN-650-1           October 02, 2008cpio vulnerabilityCVE-2007-4476===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS:  cpio                            2.6-10ubuntu0.3Ubuntu 7.04:  cpio                            2.6-17ubuntu0.7.04.1Ubuntu 7.10:  cpio                            2.8-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:A buffer overflow was discovered in cpio. If a user were tricked intoopening a crafted cpio archive, an attacker could cause a denial ofservice via application crash, or possibly execute code with theprivileges of the user invoking the program. (CVE-2007-4476)





More...
 

2 More Discussions You Might Find Interesting

1. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Referenced CVEs: CVE-2009-2288 Description: =========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3... (0 Replies)
Discussion started by: Linux Bot
0 Replies

2. UNIX for Advanced & Expert Users

Cpio - input files (from list) are stored in different order inside cpio archive - why?

Due to budget constraints I have to reinvent an Enterprise backup system in a SPARC (sun4v) Solaris estate (10 & 11). (yep - reinvent wheel, fun but time consuming. Is this wise?! :confused: ) For each filesystem of interest, to try to capture a 'catalog' at the front of each cpio archive (for... (1 Reply)
Discussion started by: am115998
1 Replies

LEARN ABOUT LINUX

cpio

CPIO(1) 						      General Commands Manual							   CPIO(1)

NAME

       cpio - copy files to and from archives

SYNOPSIS

       cpio   {-o|--create}   [-0acvABLV]   [-C   bytes]   [-H	 format]   [-M	message]  [-O  [[user@]host:]archive]  [-F  [[user@]host:]archive]
       [--file=[[user@]host:]archive]  [--format=format]  [--message=message]  [--null]  [--reset-access-time]	[--verbose]   [--dot]	[--append]
       [--block-size=blocks]  [--dereference] [--io-size=bytes] [--quiet] [--force-local] [--rsh-command=command] [--help] [--version] < name-list
       [> archive]

       cpio {-i|--extract} [-bcdfmnrtsuvBSV] [-C bytes] [-E file] [-H format] [-M message] [-R [user][:.][group]] [-I  [[user@]host:]archive]  [-F
       [[user@]host:]archive]  [--file=[[user@]host:]archive]  [--make-directories] [--nonmatching] [--preserve-modification-time] [--numeric-uid-
       gid] [--rename] [-t|--list] [--swap-bytes] [--swap] [--dot] [--unconditional] [--verbose] [--block-size=blocks]	[--swap-halfwords]  [--io-
       size=bytes]  [--pattern-file=file]  [--format=format] [--owner=[user][:.][group]] [--no-preserve-owner] [--message=message] [--force-local]
       [--no-absolute-filenames] [--sparse] [--only-verify-crc] [--to-stdout] [--quiet] [--rsh-command=command] [--help] [--version]  [pattern...]
       [< archive]

       cpio {-p|--pass-through} [-0adlmuvLV] [-R [user][:.][group]] [--null] [--reset-access-time] [--make-directories] [--link] [--quiet] [--pre-
       serve-modification-time] [--unconditional] [--verbose] [--dot] [--dereference] [--owner=[user][:.][group]] [--no-preserve-owner] [--sparse]
       [--help] [--version] destination-directory < name-list

REPORTING BUGS

       Report cpio bugs to bug-cpio@gnu.org

       GNU cpio home page: <http://www.gnu.org/software/cpio/>

       General help using GNU software: <http://www.gnu.org/gethelp/>

       Report cpio translation bugs to <http://translationproject.org/team/>

SEE ALSO

       cpio(5)

DESCRIPTION

       GNU cpio is fully documented in the texinfo documentation. To access the help from your command line, type

       info cpio

       The online copy of the documentation is available at the following address:

       http://www.gnu.org/software/cpio/manual

																	   CPIO(1)
All times are GMT -4. The time now is 08:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy