Lucene search

K

Gentoo FoundationGLSA-200711-18

HistoryNov 14, 2007 - 12:00 a.m.

Cpio: Buffer overflow

2007-11-1400:00:00

Gentoo Foundation

security.gentoo.org

13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

Background

GNU cpio copies files into or out of a cpio or tar archive.

Description

A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered.

Impact

A remote attacker could entice a user to open a specially crafted archive file resulting in a stack-based buffer overflow, possibly crashing the application. It is disputed whether the execution of arbitrary code is possible.

Workaround

There is no known workaround at this time.

Resolution

All GNU cpio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-arch/cpio-2.9-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/cpio< 2.9-r1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

Related for GLSA-200711-18

debian2 fedora6 openvas44 nessus28 cve1 veracode1 osv2 securityvulns1 ubuntu2 prion1 ubuntucve1 freebsd1 debiancve1 seebug2 redhat3 oraclelinux2 centos2 vmware2