cpio -- multiple vulnerabilities

2015-03-27T00:00:00
ID 72EE9707-D7B2-11E4-8D8E-F8B156B6DCC8
Type freebsd
Reporter FreeBSD
Modified 2015-03-27T00:00:00

Description

From the Debian Security Team:

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.