USN-650-1: cpio vulnerability


 
Old 10-02-2008

Referenced CVEs:
CVE-2007-4476


Description:
Code:
===========================================================
Ubuntu Security Notice USN-650-1           October 02, 2008
cpio vulnerability
CVE-2007-4476
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  cpio                            2.6-10ubuntu0.3

Ubuntu 7.04:
  cpio                            2.6-17ubuntu0.7.04.1

Ubuntu 7.10:
  cpio                            2.8-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in cpio. If a user were tricked into
opening a crafted cpio archive, an attacker could cause a denial of
service via application crash, or possibly execute code with the
privileges of the user invoking the program. (CVE-2007-4476)





cpio(5) 							File Formats Manual							   cpio(5)

Name
       cpio - format of cpio archive

Description
       The header structure, when the option of is not used, is:
       struct {
		  short   h_magic,
			  h_dev;
		  ushort  h_ino,
			  h_mode,
			  h_uid,
			  h_gid;
		  short   h_nlink,
			  h_rdev,
			  h_mtime[2],
			  h_namesize,
			  h_filesize[2];
		  char	  h_name[h_namesize rounded to word];
       } Hdr;
       When the option is used, the header information is described by:
       sscanf(Chdr,"%6o%6o%6o%6o%6o%6o%6o%6o%11lo%6o%11lo%s",
	     &Hdr.h_magic, &Hdr.h_dev, &Hdr.h_ino, &Hdr.h_mode,
	     &Hdr.h_uid, &Hdr.h_gid, &Hdr.h_nlink, &Hdr.h_rdev,
	     &Longtime, &Hdr.h_namesize,&Longfile,Hdr.h_name);
       The Longtime and Longfile are equivalent to Hdr.h_mtime and Hdr.h_filesize, respectively. The contents of each file are recorded in an
       element of the array of varying length structures, archive, together with other items describing the file. Every instance of h_magic
       contains the constant 070707 (octal). The items h_dev through h_mtime have meanings explained in The length of the null-terminated path name
       h_name, including the null byte, is given by h_namesize.

       The last record of the archive always contains the name Special files, directories, and the trailer are recorded with h_filesize equal to
       zero.

See Also
       cpio(1), find(1), stat(2)
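
The sscanf call in the man page reads h_name with an unbounded %s, so the size of the destination never limits the copy. As an added example (not from the man page or the cpio source, and not the CVE-2007-4476 fix), here is a bounded parser for the same 76-byte octal header that rejects a header whose h_namesize does not fit the caller's buffer or the remaining input. The names odc_hdr, oct_field, parse_odc_header and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ODC_HDR_LEN 76   /* 8 fields of 6 octal digits, plus 11 + 6 + 11 */
struct odc_hdr { unsigned long long magic, mode, namesize, filesize; };

/* Constructed sample: header for a regular file "a.txt" (namesize 6, empty). */
const char odc_sample[] =
    "070707" "000001" "000002" "100644" "000000" "000000"
    "000001" "000000" "00000000000" "000006" "00000000000" "a.txt";

/* Parse exactly n octal digits; any other byte is an error. */
static int oct_field(const char *p, size_t n, unsigned long long *out)
{
    unsigned long long v = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i] < '0' || p[i] > '7')
            return -1;
        v = (v << 3) | (unsigned long long)(p[i] - '0');
    }
    *out = v;
    return 0;
}

/* Returns 0 on success, negative on malformed or oversized input.
 * name receives the NUL-terminated path; name_cap is its capacity. */
int parse_odc_header(const char *buf, size_t len, struct odc_hdr *h,
                     char *name, size_t name_cap)
{
    if (len < ODC_HDR_LEN)
        return -1;                               /* truncated header */
    if (oct_field(buf, 6, &h->magic) || h->magic != 070707)
        return -2;                               /* wrong magic */
    if (oct_field(buf + 18, 6, &h->mode) ||
        oct_field(buf + 59, 6, &h->namesize) ||
        oct_field(buf + 65, 11, &h->filesize))
        return -3;                               /* non-octal digit */
    if (h->namesize == 0 || h->namesize > name_cap)
        return -4;                               /* name will not fit */
    if (h->namesize > len - ODC_HDR_LEN)
        return -5;                               /* name runs past input */
    memcpy(name, buf + ODC_HDR_LEN, (size_t)h->namesize);
    return name[h->namesize - 1] == '\0' ? 0 : -6; /* must be terminated */
}

int main(void)
{
    struct odc_hdr h; char name[16];
    return parse_odc_header(odc_sample, sizeof odc_sample, &h, name, sizeof name);
}
```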
