Scientific Linux Security Update to fix heap-based buffer overflow flaw in cpio
Reporter | Title | Published | Views | Family All 51 |
---|---|---|---|---|
![]() | [SECURITY] [DLA 111-1] cpio security update | 15 Dec 2014 14:18 | – | debian |
![]() | [SECURITY] [DSA 3111-1] cpio security update | 23 Dec 2014 00:55 | – | debian |
![]() | [SECURITY] [DSA 3111-1] cpio security update | 23 Dec 2014 00:55 | – | debian |
![]() | Updated cpio package fixes security vulnerability | 14 Dec 2014 17:10 | – | mageia |
![]() | Debian DLA-111-1 : cpio security update | 26 Mar 2015 00:00 | – | nessus |
![]() | CentOS 7 : cpio (CESA-2015:2108) | 2 Dec 2015 00:00 | – | nessus |
![]() | RHEL 7 : cpio (RHSA-2015:2108) | 20 Nov 2015 00:00 | – | nessus |
![]() | SuSE 11.3 Security Update : cpio (SAT Patch Number 10070) | 22 Dec 2014 00:00 | – | nessus |
![]() | Debian DSA-3111-1 : cpio - security update | 30 Dec 2014 00:00 | – | nessus |
![]() | Fedora 21 : cpio-2.11-33.fc21 (2014-16168) | 18 Dec 2014 00:00 | – | nessus |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata block: executed only when `description` is true. It registers the
# plugin's identifiers, descriptive text, scoring and prerequisites, then
# exits (see exit(0) at the end) before any host check is performed.
if (description)
{
script_id(87552);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
# The single CVE this plugin tracks.
script_cve_id("CVE-2014-9112");
script_name(english:"Scientific Linux Security Update : cpio on SL7.x x86_64 (20151119)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
# Advisory text: one security fix (heap overflow in list_file() when cpio
# processes a crafted archive) plus two non-security bug fixes.
script_set_attribute(
attribute:"description",
value:
"A heap-based buffer overflow flaw was found in cpio's list_file()
function. An attacker could provide a specially crafted archive that,
when processed by cpio, would crash cpio, or potentially lead to
arbitrary code execution. (CVE-2014-9112)
This update fixes the following bugs :
- Previously, during archive creation, cpio internals did
not detect a read() system call failure. Based on the
premise that the call succeeded, cpio terminated
unexpectedly with a segmentation fault without
processing further files. The underlying source code has
been patched, and an archive is now created
successfully.
- Previously, running the cpio command without parameters
on Scientific Linux 7 with Russian as the default
language resulted in an error message that was not
accurate in Russian due to an error in spelling. This
has been corrected and the Russian error message is
spelled correctly."
);
# The see_also value below is a shortened link; the URL in the next comment
# line appears to be the Scientific Linux errata list entry it stands for.
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=10232
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?636ff134"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected cpio and / or cpio-debuginfo packages."
);
# NOTE(review): this CVSS v2 vector records only a partial availability
# impact (C:N/I:N/A:P), while the description above also mentions potential
# arbitrary code execution. Treat the score as a lower bound when
# prioritising hosts that unpack archives from untrusted sources.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
# "local" plugin type: the check works from host-side package data (see the
# required keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries for the two packages tested and for the operating system.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cpio");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:cpio-debuginfo");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
# Timeline as recorded here: flaw public 2014/12/02, Scientific Linux patch
# 2015/11/19, plugin published 2015/12/22.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/02");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
# Prerequisites: ssh_get_info.nasl plus KB keys for local checks, CPU,
# release string and RPM list. Presumably these are only populated by a
# credentialed scan -- confirm against the scan policy; without them the
# plugin has no package data to evaluate.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Host-side check. Every audit() call in this section is used as a guard that
# records why the plugin could not or did not report. A host that leaves
# through one of the early guards was never tested, so the absence of a
# finding from this plugin is not evidence that cpio is patched.

# Guard 1: local (package-based) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Guard 2: the release string must identify Scientific Linux.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release)
  audit(AUDIT_HOST_NOT, "running Scientific Linux");

# Guard 3: extract the release number and require major version 7.
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);

# Guard 4: an RPM list must have been collected from the host.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Guard 5: architecture. The first test rejects CPUs outside x86_64 / i?86;
# the second narrows to x86_64, the only architecture tested below.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu)
  audit(AUDIT_ARCH_NOT, "x86_64", cpu);

# Compare both packages against the fixed build. Each rpm_check() is always
# called, in the original order; presumably it returns true when the
# installed package predates the reference -- confirm in rpm.inc.
flag = 0;
foreach fixed_ref (make_list("cpio-2.11-24.el7", "cpio-debuginfo-2.11-24.el7"))
{
  if (rpm_check(release:"SL7", cpu:"x86_64", reference:fixed_ref)) flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "package tested and not affected" from
  # "package not installed" in the audit trail.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "cpio / cpio-debuginfo");
}
else
{
  # At least one package was flagged: report with the RPM comparison
  # details as the finding's extra text.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}