Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-650-1: cpio vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-650-1: cpio vulnerability
# 1  
Old 10-02-2008
USN-650-1: cpio vulnerability
Referenced CVEs:
CVE-2007-4476


Description:
Code:
===========================================================Ubuntu Security Notice USN-650-1           October 02, 2008cpio vulnerabilityCVE-2007-4476===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS:  cpio                            2.6-10ubuntu0.3Ubuntu 7.04:  cpio                            2.6-17ubuntu0.7.04.1Ubuntu 7.10:  cpio                            2.8-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:A buffer overflow was discovered in cpio. If a user were tricked intoopening a crafted cpio archive, an attacker could cause a denial ofservice via application crash, or possibly execute code with theprivileges of the user invoking the program. (CVE-2007-4476)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Cpio - input files (from list) are stored in different order inside cpio archive - why?

Due to budget constraints I have to reinvent an Enterprise backup system in a SPARC (sun4v) Solaris estate (10 & 11). (yep - reinvent wheel, fun but time consuming. Is this wise?! :confused: ) For each filesystem of interest, to try to capture a 'catalog' at the front of each cpio archive (for... (1 Reply)
Discussion started by: am115998
1 Replies

2. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Referenced CVEs: CVE-2009-2288 Description: =========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3... (0 Replies)
Discussion started by: Linux Bot
0 Replies
Login or Register to Ask a Question

LEARN ABOUT OSF1

cpio

cpio(4) 						     Kernel Interfaces Manual							   cpio(4)

NAME

       cpio - Format of cpio archive

DESCRIPTION

       The header structure, when the -c option of cpio(1) is not used, is: struct {
		  short   h_magic,
			  h_dev;
		  ushort  h_ino,
			  h_mode,
			  h_uid,
			  h_gid;
		  short   h_nlink,
			  h_rdev
			  h_mtime[2],
			  h_namesize,
			  h_filesize[2]'
		  char	   h_name[h_namesize  rounded  to  word];  }  Hdr;  When  the  -c  option is used, the header information is described by:
       sscanf(Chdr,"%6o%6o%6o%6o%6o%6o%6o%6o%11lo%6o%11lo%s",
	 &Hdr.h_magic, &Hdr.h_dev, &Hdr.h_ino, &Hdr.h_mode,
	 &Hdr.h_uid, &Hdr.h_gid, &Hdr.h_nlink, &Hdr.h_rdev,
	 &Longtime, &Hdr.h_namesize,&Longfile,Hdr.h_name); The Longtime and Longfile are equivalent to	Hdr.h_mtime  and  Hdr.h_filesize,  respec-
       tively.	The contents of each file are recorded in an element of the array of varying length structures, archive, together with other items
       describing the file.  Every instance of h_magic contains the constant 070707 (octal).   The  items  h_dev  through  h_mtime  have  meanings
       explained in stat(2).  The length of the null-terminated path name h_name, including the null byte, is given by h_namesize.

       The  last  record of the archive always contains the name TRAILER!!!  Special files, directories, and the trailer are recorded with h_file-
       size equal to zero.

RELATED INFORMATION

       cpio(1), find(1), stat(2) delim off

																	   cpio(4)