Mandriva Linux cpio package update fixes heap-based buffer overflow, NULL pointer dereference, and symlink-related vulnerabilitie
Reporter | Title | Published | Views | Family All 123 |
---|---|---|---|---|
Gentoo Linux | GNU cpio: Multiple vulnerabilities | 15 Feb 201500:00 | – | gentoo |
FreeBSD | cpio -- multiple vulnerabilities | 27 Mar 201500:00 | – | freebsd |
FreeBSD | GNU cpio -- multiple vulnerabilities | 6 Nov 201900:00 | – | freebsd |
Tenable Nessus | FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8) | 1 Apr 201500:00 | – | nessus |
Tenable Nessus | GLSA-201502-11 : GNU cpio: Multiple vulnerabilities | 16 Feb 201500:00 | – | nessus |
Tenable Nessus | RHEL 5 : cpio (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | RHEL 6 : cpio (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | Debian DLA-111-1 : cpio security update | 26 Mar 201500:00 | – | nessus |
Tenable Nessus | Fedora 21 : cpio-2.11-33.fc21 (2014-16168) | 18 Dec 201400:00 | – | nessus |
Tenable Nessus | Debian DSA-3111-1 : cpio - security update | 30 Dec 201400:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:065.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82318);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-9112", "CVE-2015-1197");
script_xref(name:"MDVSA", value:"2015:065");
script_name(english:"Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandriva Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Updated cpio package fixes security vulnerabilities :
Heap-based buffer overflow in the process_copy_in function in GNU Cpio
2.11 allows remote attackers to cause a denial of service via a large
block value in a cpio archive (CVE-2014-9112).
Additionally, a NULL pointer dereference in the copyin_link function
which could cause a denial of service has also been fixed.
In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting
contents of an archive to be strictly inside a current directory.
However, it can be bypassed with symlinks. While extracting an
archive, it will extract symlinks and then follow them if they are
referenced in further entries. This can be exploited by a rogue
archive to write files outside the current directory (CVE-2015-1197)."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0528.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2015-0080.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected cpio package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpio");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"cpio-2.11-7.1.mbs2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo