Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-650-1: cpio vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-650-1: cpio vulnerability
# 1  
Old 10-02-2008
USN-650-1: cpio vulnerability
Referenced CVEs:
CVE-2007-4476


Description:
Code:
===========================================================Ubuntu Security Notice USN-650-1           October 02, 2008cpio vulnerabilityCVE-2007-4476===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS:  cpio                            2.6-10ubuntu0.3Ubuntu 7.04:  cpio                            2.6-17ubuntu0.7.04.1Ubuntu 7.10:  cpio                            2.8-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:A buffer overflow was discovered in cpio. If a user were tricked intoopening a crafted cpio archive, an attacker could cause a denial ofservice via application crash, or possibly execute code with theprivileges of the user invoking the program. (CVE-2007-4476)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Cpio - input files (from list) are stored in different order inside cpio archive - why?

Due to budget constraints I have to reinvent an Enterprise backup system in a SPARC (sun4v) Solaris estate (10 & 11). (yep - reinvent wheel, fun but time consuming. Is this wise?! :confused: ) For each filesystem of interest, to try to capture a 'catalog' at the front of each cpio archive (for... (1 Reply)
Discussion started by: am115998
1 Replies

2. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Referenced CVEs: CVE-2009-2288 Description: =========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3... (0 Replies)
Discussion started by: Linux Bot
0 Replies
Login or Register to Ask a Question

LEARN ABOUT SUNOS

cpio.h

cpio.h(3HEAD)							      Headers							     cpio.h(3HEAD)

NAME

       cpio.h, cpio - cpio archive values

SYNOPSIS

       #include <cpio.h>

DESCRIPTION

       Values needed by the c_mode field of the cpio archive format are described as follows:

       Name		 Description
       C_IRUSR		 Read by owner
       C_IWUSR		 Write by owner
       C_IXUSR		 Execute by owner
       C_IRGRP		 Read by group
       C_IWGRP		 Write by group
       C_IXGRP		 Execute by group
       C_IROTH		 Read by others
       C_IWOTH		 Write by others
       C_IXOTH		 Execute by others
       C_ISUID		 Set user ID
       C_ISGID		 Set group ID
       C_ISVTX		 On directories, restricted deletion flag
       C_ISDIR		 Directory
       C_ISFIFO 	 FIFO
       C_ISREG		 Regular file
       C_ISBLK		 Block special
       C_ISCHR		 Character special
       C_ISCTG		 Reserved
       C_ISLNK		 Symbolic link
       C_ISSOCK 	 Socket

       The header defines the symbolic constant:

       MAGIC	     "070707"

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Standard			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       pax(1), attributes(5), standards(5)

SunOS 5.10							    10 Sep 2004 						     cpio.h(3HEAD)