USN-650-1: cpio vulnerability


 
10-02-2008

Referenced CVEs:
CVE-2007-4476


Description:
Code:
===========================================================
Ubuntu Security Notice USN-650-1           October 02, 2008
cpio vulnerability
CVE-2007-4476
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  cpio                            2.6-10ubuntu0.3

Ubuntu 7.04:
  cpio                            2.6-17ubuntu0.7.04.1

Ubuntu 7.10:
  cpio                            2.8-1ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in cpio. If a user were tricked into
opening a crafted cpio archive, an attacker could cause a denial of
service via application crash, or possibly execute code with the
privileges of the user invoking the program. (CVE-2007-4476)

cpio(4) 						     Kernel Interfaces Manual							   cpio(4)

NAME
cpio - format of cpio archive

DESCRIPTION
The header structure, when the option of is not used (see cpio(1)), is: When the option is used, the header information is described by: Longtime and Longfile are equivalent to and respectively. The contents of each file are recorded together with other items describing the file. Every instance of contains the constant 070707 (octal). The items through have meanings explained in stat(2). The length of the null-terminated path name including the null byte, is given by The last record of the archive always contains the name Directories and the trailer are recorded with equal to zero. It will not always be the case that and correspond to the results of but the values are always sufficient to tell whether two files in the archive are linked to each other. When a device special file is archived by HP-UX (using the option), contains a magic constant which is dependent upon the implementation doing the writing. flags the device file as an HP-UX 32-bit device specifier, and contains the 32-bit device specifier (see stat(2)). If the option is not present, special files are not archived or restored. Non-HPUX device special files are never restored.

SEE ALSO
cpio(1), find(1), stat(2).

STANDARDS CONFORMANCE
cpio(4)