USN-650-1: cpio vulnerability

10-02-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-650-1: cpio vulnerability

Referenced CVEs:
CVE-2007-4476

Description:

Code:

===========================================================Ubuntu Security Notice USN-650-1           October 02, 2008cpio vulnerabilityCVE-2007-4476===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS:  cpio                            2.6-10ubuntu0.3Ubuntu 7.04:  cpio                            2.6-17ubuntu0.7.04.1Ubuntu 7.10:  cpio                            2.8-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:A buffer overflow was discovered in cpio. If a user were tricked intoopening a crafted cpio archive, an attacker could cause a denial ofservice via application crash, or possibly execute code with theprivileges of the user invoking the program. (CVE-2007-4476)

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

CPIO(1) General Commands Manual CPIO(1) NAME
cpio - copy files to and from archives SYNOPSIS
cpio {-o|--create} [-0acvABLV] [-C bytes] [-H format] [-M message] [-O [[user@]host:]archive] [-F [[user@]host:]archive] [--file=[[user@]host:]archive] [--format=format] [--message=message] [--null] [--reset-access-time] [--verbose] [--dot] [--append] [--block-size=blocks] [--dereference] [--io-size=bytes] [--quiet] [--force-local] [--rsh-command=command] [--help] [--version] < name-list [> archive] cpio {-i|--extract} [-bcdfmnrtsuvBSV] [-C bytes] [-E file] [-H format] [-M message] [-R [user][:.][group]] [-I [[user@]host:]archive] [-F [[user@]host:]archive] [--file=[[user@]host:]archive] [--make-directories] [--nonmatching] [--preserve-modification-time] [--numeric-uid- gid] [--rename] [-t|--list] [--swap-bytes] [--swap] [--dot] [--unconditional] [--verbose] [--block-size=blocks] [--swap-halfwords] [--io- size=bytes] [--pattern-file=file] [--format=format] [--owner=[user][:.][group]] [--no-preserve-owner] [--message=message] [--force-local] [--no-absolute-filenames] [--sparse] [--only-verify-crc] [--to-stdout] [--quiet] [--rsh-command=command] [--help] [--version] [pattern...] [< archive] cpio {-p|--pass-through} [-0adlmuvLV] [-R [user][:.][group]] [--null] [--reset-access-time] [--make-directories] [--link] [--quiet] [--pre- serve-modification-time] [--unconditional] [--verbose] [--dot] [--dereference] [--owner=[user][:.][group]] [--no-preserve-owner] [--sparse] [--help] [--version] destination-directory < name-list REPORTING BUGS
Report cpio bugs to bug-cpio@gnu.org GNU cpio home page: <http://www.gnu.org/software/cpio/> General help using GNU software: <http://www.gnu.org/gethelp/> Report cpio translation bugs to <http://translationproject.org/team/> SEE ALSO
cpio(5) DESCRIPTION
GNU cpio is fully documented in the texinfo documentation. To access the help from your command line, type info cpio The online copy of the documentation is available at the following address: http://www.gnu.org/software/cpio/manual CPIO(1)

Security Advisories (RSS)

USN-650-1: cpio vulnerability

2 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Cpio - input files (from list) are stored in different order inside cpio archive - why?

Discussion started by: am115998

2. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Discussion started by: Linux Bot

LEARN ABOUT LINUX

cpio