USN-650-1: cpio vulnerability

10-02-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-650-1: cpio vulnerability

Referenced CVEs:
CVE-2007-4476

Description:

Code:

===========================================================Ubuntu Security Notice USN-650-1           October 02, 2008cpio vulnerabilityCVE-2007-4476===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS:  cpio                            2.6-10ubuntu0.3Ubuntu 7.04:  cpio                            2.6-17ubuntu0.7.04.1Ubuntu 7.10:  cpio                            2.8-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:A buffer overflow was discovered in cpio. If a user were tricked intoopening a crafted cpio archive, an attacker could cause a denial ofservice via application crash, or possibly execute code with theprivileges of the user invoking the program. (CVE-2007-4476)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

rpm2cpio(1) User Commands rpm2cpio(1) NAME
rpm2cpio - convert Red Hat Package (RPM) to cpio archive SYNOPSIS
rpm2cpio [file.rpm] DESCRIPTION
The rpm2cpio utility converts the .rpm file specified as its sole argument to a cpio archive on standard output. (See NOTES.) If no argu- ment is given, an rpm stream is read from standard input. In both cases, rpm2cpio will fail and print a usage message if the standard out- put is a terminal. Therefore, the output is usually redirected to a file or piped through the cpio(1) utility. EXAMPLES
Example 1: Converting an rpm file example% rpm2cpio Device3Dfx-1.1-2.src.rpm | cpio -itv CPIO archive found! -rw-r--r-- 1 root root 2635 Sep 13 16:39 1998, 3dfx.gif -rw-r--r-- 1 root root 11339 Sep 27 16:03 1998, Dev3Dfx.tar.gz -rw-r--r-- 1 root root 1387 Sep 27 16:04 1998, Device3Dfx-1.1-2.spec 31 blocks Example 2: Converting from standard input example% rpm2cpio < Device3Dfx-1.1-2.src.rpm | cpio -itv CPIO archive found! -rw-r--r-- 1 root root 2635 Sep 13 16:39 1998, 3dfx.gif -rw-r--r-- 1 root root 11339 Sep 27 16:03 1998, Dev3Dfx.tar.gz -rw-r--r-- 1 root root 1387 Sep 27 16:04 1998, Device3Dfx-1.1-2.spec 31 blocks ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWrpm | +-----------------------------+-----------------------------+ SEE ALSO
cpio(1), attributes(5) NOTES
rpm2cpio handles versions 3 and 4 RPMs. SunOS 5.10 20 Aug 2001 rpm2cpio(1)

Security Advisories (RSS)

USN-650-1: cpio vulnerability

2 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Cpio - input files (from list) are stored in different order inside cpio archive - why?

Discussion started by: am115998

2. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Discussion started by: Linux Bot

LEARN ABOUT MOJAVE

rpm2cpio