{"id": "72EE9707-D7B2-11E4-8D8E-F8B156B6DCC8", "vendorId": null, "type": "freebsd", "bulletinFamily": "unix", "title": "cpio -- multiple vulnerabilities", "description": "\n\nFrom the Debian Security Team:\n\nHeap-based buffer overflow in the process_copy_in\n\t function in GNU Cpio 2.11 allows remote attackers to cause\n\t a denial of service via a large block value in a cpio\n\t archive.\n\n\ncpio 2.11, when using the --no-absolute-filenames\n\t option, allows local users to write to arbitrary files\n\t via a symlink attack on a file in an archive.\n\n\n", "published": "2015-03-27T00:00:00", "modified": "2015-03-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8.html", "reporter": "FreeBSD", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-9112", "https://bugzilla.suse.com/show_bug.cgi?id=658010"], "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "immutableFields": [], "lastseen": "2022-01-19T15:51:32", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201501-5", "ASA-201503-22"]}, {"type": "centos", "idList": ["CESA-2015:2108"]}, {"type": "cve", "idList": ["CVE-2014-9112", "CVE-2015-1197", "CVE-2017-7516"]}, {"type": "debian", "idList": ["DEBIAN:DLA-111-1:B5528", "DEBIAN:DSA-3111-1:0F282", "DEBIAN:DSA-3111-1:5E46C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9112", "DEBIANCVE:CVE-2015-1197"]}, {"type": "fedora", "idList": ["FEDORA:7F20B608780C", "FEDORA:A046460C813F"]}, {"type": "freebsd", "idList": ["F59AF308-07F3-11EA-8C56-F8B156B6DCC8"]}, {"type": "gentoo", "idList": ["GLSA-201502-11"]}, {"type": "ibm", "idList": ["5529999D22DF530DD7F6C74ED907B3757C4735BFDD34C459E7784C3A7B339C43"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2015-2108.NASL", "DEBIAN_DLA-111.NASL", "DEBIAN_DSA-3111.NASL", "EULEROS_SA-2016-1041.NASL", "EULEROS_SA-2020-1962.NASL", "FEDORA_2014-16168.NASL", "FEDORA_2014-16250.NASL", "FREEBSD_PKG_72EE9707D7B211E48D8EF8B156B6DCC8.NASL", "FREEBSD_PKG_F59AF30807F311EA8C56F8B156B6DCC8.NASL", "GENTOO_GLSA-201502-11.NASL", "MANDRIVA_MDVSA-2014-250.NASL", "MANDRIVA_MDVSA-2015-065.NASL", "MANDRIVA_MDVSA-2015-066.NASL", "OPENSUSE-2014-771.NASL", "ORACLELINUX_ELSA-2015-2108.NASL", "REDHAT-RHSA-2015-2108.NASL", "SL_20151119_CPIO_ON_SL7_X.NASL", "SUSE_11_CPIO-141204.NASL", "UBUNTU_USN-2456-1.NASL", "UBUNTU_USN-2906-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121350", "OPENVAS:1361412562310122738", "OPENVAS:1361412562310703111", "OPENVAS:1361412562310842040", "OPENVAS:1361412562310842652", "OPENVAS:1361412562310868805", "OPENVAS:1361412562310871486", "OPENVAS:1361412562311220161041", "OPENVAS:703111"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2108"]}, {"type": "redhat", "idList": ["RHSA-2015:2108"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-7516"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31537", "SECURITYVULNS:DOC:31953", "SECURITYVULNS:VULN:14167", "SECURITYVULNS:VULN:14320"]}, {"type": "ubuntu", "idList": ["USN-2456-1", "USN-2906-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9112", "UB:CVE-2015-1197"]}]}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2015:2108"]}, {"type": "cve", "idList": ["CVE-2014-9112", "CVE-2015-1197"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3111-1:0F282"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9112"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2015-2108.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:703111"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2108"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-7516"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31953"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1197"]}]}, "exploitation": null, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "2.11_3", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "gcpio"}], "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T12:46:24", "description": "From the Debian Security Team :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.\n\ncpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-01T00:00:00", "type": "nessus", "title": "FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gcpio", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_72EE9707D7B211E48D8EF8B156B6DCC8.NASL", "href": "https://www.tenable.com/plugins/nessus/82480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82480);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9112\", \"CVE-2015-1197\");\n\n script_name(english:\"FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From the Debian Security Team :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio\n2.11 allows remote attackers to cause a denial of service via a large\nblock value in a cpio archive.\n\ncpio 2.11, when using the --no-absolute-filenames option, allows local\nusers to write to arbitrary files via a symlink attack on a file in an\narchive.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=658010\"\n );\n # https://vuxml.freebsd.org/freebsd/72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47dc84a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gcpio<2.11_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:42", "description": "Updated cpio package fixes security vulnerabilities :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.\n\nIn GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory.\nHowever, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1197).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:cpio", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-065.NASL", "href": "https://www.tenable.com/plugins/nessus/82318", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:065. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82318);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9112\", \"CVE-2015-1197\");\n script_xref(name:\"MDVSA\", value:\"2015:065\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio package fixes security vulnerabilities :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio\n2.11 allows remote attackers to cause a denial of service via a large\nblock value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function\nwhich could cause a denial of service has also been fixed.\n\nIn GNU Cpio 2.11, the --no-absolute-filenames option limits extracting\ncontents of an archive to be strictly inside a current directory.\nHowever, it can be bypassed with symlinks. While extracting an\narchive, it will extract symlinks and then follow them if they are\nreferenced in further entries. This can be exploited by a rogue\narchive to write files outside the current directory (CVE-2015-1197).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0528.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0080.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"cpio-2.11-7.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:58", "description": "The remote host is affected by the vulnerability described in GLSA-201502-11 (GNU cpio: Multiple vulnerabilities)\n\n Two vulnerabilities have been discovered in GNU cpio:\n The list_file function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112) A directory traversal vulnerability has been found in GNU cpio (CVE-2015-1197) Impact :\n\n A remote attacker may be able to entice a user to open a specially crafted archive using GNU cpio, possibly resulting in execution of arbitrary code, a Denial of Service condition, or overwriting arbitrary files.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-16T00:00:00", "type": "nessus", "title": "GLSA-201502-11 : GNU cpio: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cpio", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201502-11.NASL", "href": "https://www.tenable.com/plugins/nessus/81369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81369);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9112\", \"CVE-2015-1197\");\n script_bugtraq_id(71248, 71914);\n script_xref(name:\"GLSA\", value:\"201502-11\");\n\n script_name(english:\"GLSA-201502-11 : GNU cpio: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-11\n(GNU cpio: Multiple vulnerabilities)\n\n Two vulnerabilities have been discovered in GNU cpio:\n The list_file function in GNU cpio contains a heap-based buffer\n overflow vulnerability (CVE-2014-9112)\n A directory traversal vulnerability has been found in GNU cpio\n (CVE-2015-1197)\n \nImpact :\n\n A remote attacker may be able to entice a user to open a specially\n crafted archive using GNU cpio, possibly resulting in execution of\n arbitrary code, a Denial of Service condition, or overwriting arbitrary\n files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU cpio users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/cpio-2.11-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/cpio\", unaffected:make_list(\"ge 2.11-r3\"), vulnerable:make_list(\"lt 2.11-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU cpio\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:35", "description": "A heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n - Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully.\n\n - Previously, running the cpio command without parameters on Scientific Linux 7 with Russian as the default language resulted in an error message that was not accurate in Russian due to an error in spelling. This has been corrected and the Russian error message is spelled correctly.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : cpio on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:cpio", "p-cpe:/a:fermilab:scientific_linux:cpio-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_CPIO_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87552);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9112\");\n\n script_name(english:\"Scientific Linux Security Update : cpio on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n - Previously, during archive creation, cpio internals did\n not detect a read() system call failure. Based on the\n premise that the call succeeded, cpio terminated\n unexpectedly with a segmentation fault without\n processing further files. The underlying source code has\n been patched, and an archive is now created\n successfully.\n\n - Previously, running the cpio command without parameters\n on Scientific Linux 7 with Russian as the default\n language resulted in an error message that was not\n accurate in Russian due to an error in spelling. This\n has been corrected and the Russian error message is\n spelled correctly.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=10232\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?636ff134\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cpio and / or cpio-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cpio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cpio-debuginfo-2.11-24.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio / cpio-debuginfo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:14", "description": "Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-06T00:00:00", "type": "nessus", "title": "Fedora 20 : cpio-2.11-28.fc20 (2014-16250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cpio", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16250.NASL", "href": "https://www.tenable.com/plugins/nessus/80364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16250.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80364);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"FEDORA\", value:\"2014-16250\");\n\n script_name(english:\"Fedora 20 : cpio-2.11-28.fc20 (2014-16250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167571\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147581.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59a216bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"cpio-2.11-28.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:57", "description": "Updated cpio packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat Enterprise Linux 7 with Russian as the default language resulted in an error message that was not accurate in Russian due to an error in spelling. This has been corrected and the Russian error message is spelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : cpio (CESA-2015:2108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cpio", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/nessus/87130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2108 and \n# CentOS Errata and Security Advisory 2015:2108 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87130);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"CentOS 7 : cpio (CESA-2015:2108)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03ba2aaf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9112\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:26", "description": "Updated cpio package fixes security vulnerability :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:cpio", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-250.NASL", "href": "https://www.tenable.com/plugins/nessus/79995", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:250. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79995);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"MDVSA\", value:\"2014:250\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio package fixes security vulnerability :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio\n2.11 allows remote attackers to cause a denial of service via a large\nblock value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function\nwhich could cause a denial of service has also been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0528.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"cpio-2.11-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:35", "description": "Michal Zalewski discovered an out of bounds write issue in cpio, a tool for creating and extracting cpio archive files. In the process of fixing that issue, the cpio developers found and fixed additional range checking and NULL pointer dereference issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-30T00:00:00", "type": "nessus", "title": "Debian DSA-3111-1 : cpio - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cpio", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3111.NASL", "href": "https://www.tenable.com/plugins/nessus/80284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3111. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80284);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"DSA\", value:\"3111\");\n\n script_name(english:\"Debian DSA-3111-1 : cpio - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in cpio, a\ntool for creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and NULL pointer dereference issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/cpio\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cpio packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"cpio\", reference:\"2.11+dfsg-0.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cpio-win32\", reference:\"2.11+dfsg-0.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:02", "description": "From Red Hat Security Advisory 2015:2108 :\n\nUpdated cpio packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat Enterprise Linux 7 with Russian as the default language resulted in an error message that was not accurate in Russian due to an error in spelling. This has been corrected and the Russian error message is spelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : cpio (ELSA-2015-2108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:cpio", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/nessus/87021", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2108 and \n# Oracle Linux Security Advisory ELSA-2015-2108 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87021);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"Oracle Linux 7 : cpio (ELSA-2015-2108)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2108 :\n\nUpdated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005553.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:52", "description": "Updated cpio packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat Enterprise Linux 7 with Russian as the default language resulted in an error message that was not accurate in Russian due to an error in spelling. This has been corrected and the Russian error message is spelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-20T00:00:00", "type": "nessus", "title": "RHEL 7 : cpio (RHSA-2015:2108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cpio", "p-cpe:/a:redhat:enterprise_linux:cpio-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/nessus/86969", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2108. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86969);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"RHEL 7 : cpio (RHSA-2015:2108)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9112\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cpio and / or cpio-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cpio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2108\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"cpio-debuginfo-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cpio-debuginfo-2.11-24.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio / cpio-debuginfo\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:33", "description": "Multiple issues have been identified in cpio, including a buffer overflow and multiple NULL pointer dereference, resulting at least in a denial of service and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by applying the upstream patches.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-111-1 : cpio security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cpio", "p-cpe:/a:debian:debian_linux:cpio-win32", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-111.NASL", "href": "https://www.tenable.com/plugins/nessus/82095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-111-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82095);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n\n script_name(english:\"Debian DLA-111-1 : cpio security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple issues have been identified in cpio, including a buffer\noverflow and multiple NULL pointer dereference, resulting at least in\na denial of service and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by\napplying the upstream patches.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/cpio\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected cpio, and cpio-win32 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio-win32\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"cpio\", reference:\"2.11-4+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cpio-win32\", reference:\"2.11-4+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:25", "description": "This cpio update fixes the following security issue :\n\n - heap-based buffer overflow flaw in list_file() (CVE-2014-9112). (bnc#907456)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : cpio (SAT Patch Number 10070)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cpio", "p-cpe:/a:novell:suse_linux:11:cpio-lang", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CPIO-141204.NASL", "href": "https://www.tenable.com/plugins/nessus/80165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80165);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9112\");\n\n script_name(english:\"SuSE 11.3 Security Update : cpio (SAT Patch Number 10070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This cpio update fixes the following security issue :\n\n - heap-based buffer overflow flaw in list_file()\n (CVE-2014-9112). (bnc#907456)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9112.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10070.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cpio-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cpio-lang-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cpio-lang-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cpio-lang-2.9-75.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:35", "description": "This cpio update fixes the following secuirty issue :\n\n - fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cpio (openSUSE-SU-2014:1643-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cpio", "p-cpe:/a:novell:opensuse:cpio-debuginfo", "p-cpe:/a:novell:opensuse:cpio-debugsource", "p-cpe:/a:novell:opensuse:cpio-lang", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2014-771.NASL", "href": "https://www.tenable.com/plugins/nessus/80044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-771.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80044);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9112\");\n\n script_name(english:\"openSUSE Security Update : cpio (openSUSE-SU-2014:1643-1)\");\n script_summary(english:\"Check for the openSUSE-2014-771 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This cpio update fixes the following secuirty issue :\n\n - fix an OOB write with cpio -i (bnc#907456)\n (CVE-2014-9112)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00061.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-debuginfo-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-debugsource-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-lang-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-debuginfo-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-debugsource-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-lang-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-debuginfo-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-debugsource-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-lang-2.11-29.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio / cpio-debuginfo / cpio-debugsource / cpio-lang\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:32", "description": "Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-18T00:00:00", "type": "nessus", "title": "Fedora 21 : cpio-2.11-33.fc21 (2014-16168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cpio", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-16168.NASL", "href": "https://www.tenable.com/plugins/nessus/80089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16168.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"FEDORA\", value:\"2014-16168\");\n\n script_name(english:\"Fedora 21 : cpio-2.11-33.fc21 (2014-16168)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167571\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146364.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c72b40a5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"cpio-2.11-33.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:40", "description": "Updated cpio package fixes security vulnerability :\n\nIn GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory.\nHowever, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1197).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : cpio (MDVSA-2015:066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:cpio", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-066.NASL", "href": "https://www.tenable.com/plugins/nessus/82319", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:066. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82319);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1197\");\n script_bugtraq_id(71914);\n script_xref(name:\"MDVSA\", value:\"2015:066\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cpio (MDVSA-2015:066)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio package fixes security vulnerability :\n\nIn GNU Cpio 2.11, the --no-absolute-filenames option limits extracting\ncontents of an archive to be strictly inside a current directory.\nHowever, it can be bypassed with symlinks. While extracting an\narchive, it will extract symlinks and then follow them if they are\nreferenced in further entries. This can be exploited by a rogue\narchive to write files outside the current directory (CVE-2015-1197).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0080.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"cpio-2.11-3.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:13:24", "description": "According to the version of the cpio package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.(CVE-2015-1197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : cpio (EulerOS-SA-2020-1962)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cpio", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1962.NASL", "href": "https://www.tenable.com/plugins/nessus/140332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140332);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-1197\"\n );\n script_bugtraq_id(\n 71914\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : cpio (EulerOS-SA-2020-1962)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the cpio package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - cpio 2.11, when using the --no-absolute-filenames\n option, allows local users to write to arbitrary files\n via a symlink attack on a file in an\n archive.(CVE-2015-1197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1962\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8b4e757\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"cpio-2.12-12.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:47:12", "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0624", "CVE-2014-9112"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2456-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2456-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:10", "description": "According to the versions of the cpio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order.\n\n - Security Fix(es)\n\n - The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.(CVE-2016-2037)\n\n - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.(CVE-2015-1197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : cpio (EulerOS-SA-2016-1041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cpio", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1041.NASL", "href": "https://www.tenable.com/plugins/nessus/99804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99804);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2015-1197\",\n \"CVE-2016-2037\"\n );\n script_bugtraq_id(\n 71914\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : cpio (EulerOS-SA-2016-1041)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cpio package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GNU cpio copies files into or out of a cpio or tar\n archive. Archives are files which contain a collection\n of other files plus information about them, such as\n their file name, owner, timestamps, and access\n permissions. The archive can be another file on the\n disk, a magnetic tape, or a pipe. GNU cpio supports the\n following archive formats: binary, old ASCII, new\n ASCII, crc, HPUX binary, HPUX old ASCII, old tar and\n POSIX.1 tar. By default, cpio creates binary format\n archives, so that they are compatible with older cpio\n programs. When it is extracting files from archives,\n cpio automatically recognizes which kind of archive it\n is reading and can read archives created on machines\n with a different byte-order.\n\n - Security Fix(es)\n\n - The cpio_safer_name_suffix function in util.c in cpio\n 2.11 allows remote attackers to cause a denial of\n service (out-of-bounds write) via a crafted cpio\n file.(CVE-2016-2037)\n\n - cpio 2.11, when using the --no-absolute-filenames\n option, allows local users to write to arbitrary files\n via a symlink attack on a file in an\n archive.(CVE-2015-1197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1041\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68e470e0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cpio packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cpio-2.11-24.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:42:50", "description": "Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-1197)\n\nGustavo Grieco discovered that GNU cpio incorrectly handled memory when extracting archive files. If a user or automated system were tricked into extracting a specially crafted cpio archive, a remote attacker could use this issue to cause GNU cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-2037).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : cpio vulnerabilities (USN-2906-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2906-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2906-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88894);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1197\", \"CVE-2016-2037\");\n script_xref(name:\"USN\", value:\"2906-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : cpio vulnerabilities (USN-2906-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Cherepanov discovered that GNU cpio incorrectly handled\nsymbolic links when used with the --no-absolute-filenames option. If a\nuser or automated system were tricked into extracting a specially\ncrafted cpio archive, a remote attacker could possibly use this issue\nto write arbitrary files. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2015-1197)\n\nGustavo Grieco discovered that GNU cpio incorrectly handled memory\nwhen extracting archive files. If a user or automated system were\ntricked into extracting a specially crafted cpio archive, a remote\nattacker could use this issue to cause GNU cpio to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2016-2037).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2906-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-4.1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:23", "description": "Sergey Poznyakoff reports :\n\nThis stable release fixes several potential vulnerabilities\n\nCVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.\n\nCVE-2016-2037: The cpio_safer_name_suffix function in util.c allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.\n\nCVE-2019-14866: Improper input validation when writing tar header fields leads to unexpected tar generation.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-18T00:00:00", "type": "nessus", "title": "FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037", "CVE-2019-14866"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gcpio", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F59AF30807F311EA8C56F8B156B6DCC8.NASL", "href": "https://www.tenable.com/plugins/nessus/131109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131109);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2015-1197\", \"CVE-2016-2037\", \"CVE-2019-14866\");\n\n script_name(english:\"FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sergey Poznyakoff reports :\n\nThis stable release fixes several potential vulnerabilities\n\nCVE-2015-1197: cpio, when using the --no-absolute-filenames option,\nallows local users to write to arbitrary files via a symlink attack on\na file in an archive.\n\nCVE-2016-2037: The cpio_safer_name_suffix function in util.c allows\nremote attackers to cause a denial of service (out-of-bounds write)\nvia a crafted cpio file.\n\nCVE-2019-14866: Improper input validation when writing tar header\nfields leads to unexpected tar generation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f59af308-07f3-11ea-8c56-f8b156b6dcc8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?285de746\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14866\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gcpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gcpio<2.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:20", "description": "Gentoo Linux Local Security Checks GLSA 201502-11", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201502-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121350", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-11.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121350\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:32 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-11\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities have been discovered in GNU cpio:\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-11\");\n script_cve_id(\"CVE-2014-9112\", \"CVE-2015-1197\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-11\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-arch/cpio\", unaffected: make_list(\"ge 2.11-r3\"), vulnerable: make_list(\"lt 2.11-r3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-20T00:00:00", "type": "openvas", "title": "RedHat Update for cpio RHSA-2015:2108-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cpio RHSA-2015:2108-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871486\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:20:39 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for cpio RHSA-2015:2108-03\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The cpio packages provide the GNU cpio\nutility for creating and extracting archives, or copying files from one place\nto another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n * Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n * Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"cpio on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2108-03\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00020.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~24.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cpio-debuginfo\", rpm:\"cpio-debuginfo~2.11~24.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:35", "description": "Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.", "cvss3": {}, "published": "2014-12-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3111-1 (cpio - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3111.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 3111-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703111\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-9112\");\n script_name(\"Debian Security Advisory DSA 3111-1 (cpio - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-22 00:00:00 +0100 (Mon, 22 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3111.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"cpio on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\");\n script_tag(name:\"summary\", value:\"Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-0.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"cpio-win32\", ver:\"2.11+dfsg-0.1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:38", "description": "Oracle Linux Local Security Checks ELSA-2015-2108", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2108", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2108.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122738\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:16 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2108\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2108 - cpio security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2108\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2108.html\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~24.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for cpio FEDORA-2014-16168", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cpio FEDORA-2014-16168\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868805\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:54:24 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for cpio FEDORA-2014-16168\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"cpio on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16168\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146364.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~33.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-28T10:49:05", "description": "Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.", "cvss3": {}, "published": "2014-12-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3111-1 (cpio - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2017-07-13T00:00:00", "id": "OPENVAS:703111", "href": "http://plugins.openvas.org/nasl.php?oid=703111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3111.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 3111-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703111);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-9112\");\n script_name(\"Debian Security Advisory DSA 3111-1 (cpio - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-22 00:00:00 +0100 (Mon, 22 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3111.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"cpio on Debian Linux\");\n script_tag(name: \"insight\", value: \"GNU cpio is a tool for creating\nand extracting archives, or copying files from one place to another. It handles\na number of cpio formats as well as reading and writing tar files.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\");\n script_tag(name: \"summary\", value: \"Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cpio-win32\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for cpio USN-2456-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for cpio USN-2456-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842040\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:52 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9112\", \"CVE-2010-0624\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for cpio USN-2456-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Michal Zalewski discovered an out of bounds\nwrite issue in the process_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624)\");\n script_tag(name:\"affected\", value:\"cpio on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2456-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2456-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-2ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11-7ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.10-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2016-1041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161041", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1041\");\n script_version(\"2020-01-23T10:40:06+0000\");\n script_cve_id(\"CVE-2015-1197\", \"CVE-2016-2037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:40:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:40:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2016-1041)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1041\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1041\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cpio' package(s) announced via the EulerOS-SA-2016-1041 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.(CVE-2016-2037)\n\ncpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.(CVE-2015-1197)\");\n\n script_tag(name:\"affected\", value:\"'cpio' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~24.h2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for cpio USN-2906-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842652", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for cpio USN-2906-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842652\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-23 06:25:53 +0100 (Tue, 23 Feb 2016)\");\n script_cve_id(\"CVE-2015-1197\", \"CVE-2016-2037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for cpio USN-2906-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Cherepanov discovered that GNU\n cpio incorrectly handled symbolic links when used with the --no-absolute-filenames\n option. If a user or automated system were tricked into extracting a\n specially-crafted cpio archive, a remote attacker could possibly use this issue\n to write arbitrary files. This issue only affected Ubuntu 12.04 LTS and\n Ubuntu 14.04 LTS. (CVE-2015-1197)\n\n Gustavo Grieco discovered that GNU cpio incorrectly handled memory when\n extracting archive files. If a user or automated system were tricked into\n extracting a specially-crafted cpio archive, a remote attacker could use\n this issue to cause GNU cpio to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2016-2037)\");\n script_tag(name:\"affected\", value:\"cpio on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2906-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2906-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-1ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11-7ubuntu3.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-4.1ubuntu1.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:10", "description": "### Background\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\n### Description\n\nTwo vulnerabilities have been discovered in GNU cpio:\n\n * The list_file function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112) \n * A directory traversal vulnerability has been found in GNU cpio (CVE-2015-1197) \n\n### Impact\n\nA remote attacker may be able to entice a user to open a specially crafted archive using GNU cpio, possibly resulting in execution of arbitrary code, a Denial of Service condition, or overwriting arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU cpio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/cpio-2.11-r3\"", "cvss3": {}, "published": "2015-02-15T00:00:00", "type": "gentoo", "title": "GNU cpio: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2015-02-15T00:00:00", "id": "GLSA-201502-11", "href": "https://security.gentoo.org/glsa/201502-11", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "description": "A heap-based buffer overflow flaw was reported in cpio's list_file()\nfunction. Attempting to extract a malicious cpio archive could cause\ncpio to crash or, potentially, execute arbitrary code.\nAs noted in the original report, this issue could be trigger via other\nutilities, such as when running &quot;less&quot;.", "edition": 2, "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "archlinux", "title": "cpio: heap buffer overflow", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2015-01-14T00:00:00", "id": "ASA-201501-5", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:42", "description": "It was reported that cpio is vulnerable to a directory traversal\nvulnerability when using the --no-absolute-filenames option. While\nextracting an archive, it will extract symlinks and then follow them if\nthey are referenced in further entries. This can be exploited by a rogue\narchive to write to files outside the current directory.", "edition": 2, "cvss3": {}, "published": "2015-03-23T00:00:00", "type": "archlinux", "title": "cpio: directory traversal", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197"], "modified": "2015-03-23T00:00:00", "id": "ASA-201503-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2021-10-23T22:33:47", "description": "Package : cpio\nVersion : 2.11-4+deb6u1\nCVE ID : CVE-2014-9112\nDebian Bug : 772793\n\nMultiple issues have been identified in cpio, including a buffer overflow\nand multiple NULL pointer dereference, resulting at least in a denial of\nservice and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by\napplying the upstream patches.\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2014-12-15T14:18:40", "type": "debian", "title": "[SECURITY] [DLA 111-1] cpio security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-15T14:18:40", "id": "DEBIAN:DLA-111-1:B5528", "href": "https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T23:00:02", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3111-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nDecember 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cpio\nCVE ID : CVE-2014-9112\nDebian Bug : 772793\n\nMichal Zalewski discovered an out of bounds write issue in cpio, a tool\nfor creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and null pointer dereference issues.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-12-23T00:55:26", "type": "debian", "title": "[SECURITY] [DSA 3111-1] cpio security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-23T00:55:26", "id": "DEBIAN:DSA-3111-1:0F282", "href": "https://lists.debian.org/debian-security-announce/2014/msg00301.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-02T11:31:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3111-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nDecember 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cpio\nCVE ID : CVE-2014-9112\nDebian Bug : 772793\n\nMichal Zalewski discovered an out of bounds write issue in cpio, a tool\nfor creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and null pointer dereference issues.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-12-23T00:55:26", "type": "debian", "title": "[SECURITY] [DSA 3111-1] cpio security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-23T00:55:26", "id": "DEBIAN:DSA-3111-1:5E46C", "href": "https://lists.debian.org/debian-security-announce/2014/msg00301.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:43:10", "description": "The cpio packages provide the GNU cpio utility for creating and extracting\narchives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "cvss3": {}, "published": "2015-11-19T14:43:07", "type": "redhat", "title": "(RHSA-2015:2108) Moderate: cpio security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2018-04-11T23:31:37", "id": "RHSA-2015:2108", "href": "https://access.redhat.com/errata/RHSA-2015:2108", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2021-12-30T21:45:27", "description": "## Summary\n\nA vulnerability in GNU cpio (CVE-2014-9112) affects PowerKVM.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9112_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112>)** \nDESCRIPTION:** GNU cpio is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the process_copy_in() function. By persuading a victim to extract a specially-crafted archive file, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99130_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99130>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nFix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) for v2.1 in 2.1.1 Build 65.5 and all later 2.1.1 SP3 service builds and 2.1.1 fix packs. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1 service build 2 or later. \n \nFor systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using \"yum update\".\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n27 January 2016 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {}, "published": "2018-06-18T01:30:30", "type": "ibm", "title": "Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2018-06-18T01:30:30", "id": "5529999D22DF530DD7F6C74ED907B3757C4735BFDD34C459E7784C3A7B339C43", "href": "https://www.ibm.com/support/pages/node/682113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:250\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : cpio\r\n Date : December 14, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated cpio package fixes security vulnerability:\r\n \r\n Heap-based buffer overflow in the process_copy_in function in GNU\r\n Cpio 2.11 allows remote attackers to cause a denial of service via\r\n a large block value in a cpio archive &#40;CVE-2014-9112&#41;.\r\n \r\n Additionally, a null pointer dereference in the copyin_link function\r\n which could cause a denial of service has also been fixed.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112\r\n http://advisories.mageia.org/MGASA-2014-0528.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n d5a932108438d02e4f6688c9c04a0541 mbs1/x86_64/cpio-2.11-3.1.mbs1.x86_64.rpm \r\n d3686a694c45e2304a6bc1f946361907 mbs1/SRPMS/cpio-2.11-3.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUjeZ5mqjQ0CJFipgRAiKuAJ0YOWAojKPW/wSM5cR3A342ZX+p1gCfWCq1\r\nAz2Mrc3Syzwe1uD21zAOEDE=\r\n=QY48\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-12-22T00:00:00", "title": "[ MDVSA-2014:250 ] cpio", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31537", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31537", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "description": "Buffer overflow in process_copy_in&#40;&#41; function.", "edition": 1, "cvss3": {}, "published": "2014-12-22T00:00:00", "title": "GNU cpio buffer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14167", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14167", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:066\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : cpio\r\n Date : March 27, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated cpio package fixes security vulnerability:\r\n \r\n In GNU Cpio 2.11, the --no-absolute-filenames option limits\r\n extracting contents of an archive to be strictly inside a current\r\n directory. However, it can be bypassed with symlinks. While extracting\r\n an archive, it will extract symlinks and then follow them if they\r\n are referenced in further entries. This can be exploited by a rogue\r\n archive to write files outside the current directory &#40;CVE-2015-1197&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197\r\n http://advisories.mageia.org/MGASA-2015-0080.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 0a3f9d35c8cdf60f6aa34dd8fe95a915 mbs1/x86_64/cpio-2.11-3.2.mbs1.x86_64.rpm \r\n 4962644977a7fa8da61ef6f4b269cff5 mbs1/SRPMS/cpio-2.11-3.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFVFVf/mqjQ0CJFipgRArC5AKCrjADYDy0ZFmElCSuG+8SCnvKCCACgsQ+c\r\nmkkuPPTdXy0r/Vy6ka5u4zQ=\r\n=qmJW\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-04-20T00:00:00", "title": "[ MDVSA-2015:066 ] cpio", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1197"], "modified": "2015-04-20T00:00:00", "id": "SECURITYVULNS:DOC:31953", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31953", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:59", "description": "Directory traversal and symbolic links vulnerability in cpio implementation.", "edition": 1, "cvss3": {}, "published": "2015-04-20T00:00:00", "title": "libarchive directory traversal", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2015-2304"], "modified": "2015-04-20T00:00:00", "id": "SECURITYVULNS:VULN:14320", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14320", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed. \n", "cvss3": {}, "published": "2014-12-14T14:10:39", "type": "mageia", "title": "Updated cpio package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-14T14:10:39", "id": "MGASA-2014-0528", "href": "https://advisories.mageia.org/MGASA-2014-0528.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1197). \n", "cvss3": {}, "published": "2015-02-19T14:43:07", "type": "mageia", "title": "Updated cpio package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1197", "CVE-2015-1197"], "modified": "2015-02-19T14:43:07", "id": "MGASA-2015-0080", "href": "https://advisories.mageia.org/MGASA-2015-0080.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197). Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation (CVE-2019-14866). cpio has been updated to 2.13 that fixes theese issues. \n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-11-14T16:58:51", "type": "mageia", "title": "Updated cpio packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197", "CVE-2019-14866"], "modified": "2019-11-14T16:58:51", "id": "MGASA-2019-0326", "href": "https://advisories.mageia.org/MGASA-2019-0326.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. ", "edition": 2, "cvss3": {}, "published": "2015-01-06T06:09:24", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: cpio-2.11-28.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2015-01-06T06:09:24", "id": "FEDORA:A046460C813F", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "GNU cpio copies files into or out of a cpio or tar archive. Archives are files which contain a collection of other files plus information about them, such as their file name, owner, timestamps, and access permissions. The archive can be another file on the disk, a magnetic tape, or a pipe. GNU cpio supports the following archive formats: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1 tar. By default, cpio creates binary format archives, so that they are compatible with older cpio programs. When it is extracting files from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created on machines with a different byte-order. Install cpio if you need a program to manage file archives. ", "edition": 2, "cvss3": {}, "published": "2014-12-18T06:06:28", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: cpio-2.11-33.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-18T06:06:28", "id": "FEDORA:7F20B608780C", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:50:48", "description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11\nallows remote attackers to cause a denial of service via a large block\nvalue in a cpio archive.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | PoC: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio\n", "cvss3": {}, "published": "2014-12-02T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9112", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-02T00:00:00", "id": "UB:CVE-2014-9112", "href": "https://ubuntu.com/security/CVE-2014-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:50:18", "description": "cpio 2.11, when using the --no-absolute-filenames option, allows local\nusers to write to arbitrary files via a symlink attack on a file in an\narchive.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669>\n * <https://bugzilla.suse.com/show_bug.cgi?id=658010>\n", "cvss3": {}, "published": "2015-02-19T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1197", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197"], "modified": "2015-02-19T00:00:00", "id": "UB:CVE-2015-1197", "href": "https://ubuntu.com/security/CVE-2015-1197", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:53", "description": "[2.11-24]\n- fix for CVE-2014-9112\n[2.11-23]\n- better check for read() error (rhbz#1138148)\n- fix ru translation (rhbz#1075513)", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "cpio security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9112"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2108", "href": "http://linux.oracle.com/errata/ELSA-2015-2108.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:25", "description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", "cvss3": {}, "published": "2014-12-02T16:59:00", "type": "debiancve", "title": "CVE-2014-9112", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2014-12-02T16:59:00", "id": "DEBIANCVE:CVE-2014-9112", "href": "https://security-tracker.debian.org/tracker/CVE-2014-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:47:25", "description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", "cvss3": {}, "published": "2015-02-19T15:59:00", "type": "debiancve", "title": "CVE-2015-1197", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197"], "modified": "2015-02-19T15:59:00", "id": "DEBIANCVE:CVE-2015-1197", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1197", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2022-02-27T16:06:33", "description": "**CentOS Errata and Security Advisory** CESA-2015:2108\n\n\nThe cpio packages provide the GNU cpio utility for creating and extracting\narchives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-November/015064.html\n\n**Affected packages:**\ncpio\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:2108", "cvss3": {}, "published": "2015-11-30T19:26:10", "type": "centos", "title": "cpio security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2015-11-30T19:26:10", "id": "CESA-2015:2108", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-November/015064.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T15:19:00", "description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", "cvss3": {}, "published": "2014-12-02T16:59:00", "type": "cve", "title": "CVE-2014-9112", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:gnu:cpio:2.11", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-9112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:cpio:2.11:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:52:25", "description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", "cvss3": {}, "published": "2015-02-19T15:59:00", "type": "cve", "title": "CVE-2015-1197", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197"], "modified": "2016-12-06T02:59:00", "cpe": ["cpe:/a:gnu:cpio:2.11"], "id": "CVE-2015-1197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1197", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gnu:cpio:2.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:37:24", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2018-01-29T19:29:00", "type": "cve", "title": "CVE-2017-7516", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2015-1197", "CVE-2017-7516"], "modified": "2018-02-20T19:39:00", "cpe": [], "id": "CVE-2017-7516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7516", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "ubuntu": [{"lastseen": "2022-01-04T12:45:26", "description": "Michal Zalewski discovered an out of bounds write issue in the \nprocess_copy_in function of GNU cpio. An attacker could specially \ncraft a cpio archive that could create a denial of service or possibly \nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ \nfunction of GNU cpio's rmt client functionality. An attacker \ncontrolling a remote rmt server could use this to cause a denial of \nservice or possibly execute arbitrary code. This issue only affected \nUbuntu 10.04 LTS. (CVE-2010-0624)\n", "cvss3": {}, "published": "2015-01-08T00:00:00", "type": "ubuntu", "title": "GNU cpio vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "modified": "2015-01-08T00:00:00", "id": "USN-2456-1", "href": "https://ubuntu.com/security/notices/USN-2456-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:30:39", "description": "Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic \nlinks when used with the --no-absolute-filenames option. If a user or \nautomated system were tricked into extracting a specially-crafted cpio \narchive, a remote attacker could possibly use this issue to write arbitrary \nfiles. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2015-1197)\n\nGustavo Grieco discovered that GNU cpio incorrectly handled memory when \nextracting archive files. If a user or automated system were tricked into \nextracting a specially-crafted cpio archive, a remote attacker could use \nthis issue to cause GNU cpio to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2037)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-22T00:00:00", "type": "ubuntu", "title": "GNU cpio vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037"], "modified": "2016-02-22T00:00:00", "id": "USN-2906-1", "href": "https://ubuntu.com/security/notices/USN-2906-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-01-21T00:03:44", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.\n", "cvss3": {}, "published": "2018-01-29T12:50:11", "type": "redhatcve", "title": "CVE-2017-7516", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197", "CVE-2017-7516"], "modified": "2022-01-20T22:41:31", "id": "RH:CVE-2017-7516", "href": "https://access.redhat.com/security/cve/cve-2017-7516", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nSergey Poznyakoff reports:\n\nThis stable release fixes several potential vulnerabilities\nCVE-2015-1197: cpio, when using the --no-absolute-filenames\n\t option, allows local users to write to arbitrary files\n\t via a symlink attack on a file in an archive.\nCVE-2016-2037: The cpio_safer_name_suffix function in\n\t util.c allows remote attackers to cause a denial of service\n\t (out-of-bounds write) via a crafted cpio file.\nCVE-2019-14866: Improper input validation when writing\n\t tar header fields leads to unexpected tar generation.\n\n\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-06T00:00:00", "type": "freebsd", "title": "GNU cpio -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1197", "CVE-2016-2037", "CVE-2019-14866"], "modified": "2019-11-06T00:00:00", "id": "F59AF308-07F3-11EA-8C56-F8B156B6DCC8", "href": "https://vuxml.freebsd.org/freebsd/f59af308-07f3-11ea-8c56-f8b156b6dcc8.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}