ID UBUNTU_USN-2456-1.NASL Type nessus Reporter Tenable Modified 2018-12-01T00:00:00
Description
Michal Zalewski discovered an out of bounds write issue in the
process_copy_in function of GNU cpio. An attacker could specially
craft a cpio archive that could create a denial of service or possibly
execute arbitrary code. (CVE-2014-9112)
Jakob Lell discovered a heap-based buffer overflow in the rmt_read__
function of GNU cpio's rmt client functionality. An attacker
controlling a remote rmt server could use this to cause a denial of
service or possibly execute arbitrary code. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-0624).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2456-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(80441);
script_version("1.7");
script_cvs_date("Date: 2018/12/01 15:12:39");
script_cve_id("CVE-2010-0624", "CVE-2014-9112");
script_bugtraq_id(38628, 71248);
script_xref(name:"USN", value:"2456-1");
script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)");
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"Michal Zalewski discovered an out of bounds write issue in the
process_copy_in function of GNU cpio. An attacker could specially
craft a cpio archive that could create a denial of service or possibly
execute arbitrary code. (CVE-2014-9112)
Jakob Lell discovered a heap-based buffer overflow in the rmt_read__
function of GNU cpio's rmt client functionality. An attacker
controlling a remote rmt server could use this to cause a denial of
service or possibly execute arbitrary code. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-0624).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/2456-1/"
);
script_set_attribute(attribute:"solution", value:"Update the affected cpio package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cpio");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(10\.04|12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04 / 14.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"10.04", pkgname:"cpio", pkgver:"2.10-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"cpio", pkgver:"2.11-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"cpio", pkgver:"2.11+dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"cpio", pkgver:"2.11+dfsg-2ubuntu1.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cpio");
}
{"id": "UBUNTU_USN-2456-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "description": "Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2015-01-09T00:00:00", "modified": "2018-12-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "reporter": "Tenable", "references": ["https://usn.ubuntu.com/2456-1/"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "type": "nessus", "lastseen": "2019-01-16T20:20:34", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "330a219923d9df9299f658f10760ebbd58efaafa739f46ed2b292873ebcbd2a7", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "f6c3952b0b93cb199f153e65a40f6d52", "key": "sourceData"}, {"hash": "48b40699da2a3a923acc49cee033624f", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2018-08-30T19:38:05", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:38:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "1bf800e37898058f8b90d5abb0f36192b9838fc5a952d10cebfb1c7a43859e46", "hashmap": [{"hash": "32786eac6dc4ab274900f630c92f6d3c", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "ddab325b78ee84639dc78b61e4febc39", "key": "modified"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2016-09-26T17:24:24", "modified": "2016-05-24T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.2", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/24 17:37:07 $\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_osvdb_id(62857, 62950, 115187);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a10763f091f4aee411f765bbc2583d51fccd774a0fffc97115157aeec7c94b4a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "f6c3952b0b93cb199f153e65a40f6d52", "key": "sourceData"}, {"hash": "48b40699da2a3a923acc49cee033624f", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2018-08-05T11:49:12", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-05T11:49:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a10763f091f4aee411f765bbc2583d51fccd774a0fffc97115157aeec7c94b4a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "21fc9686c146fcf6b16f09134dff3269", "key": "modified"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "f6c3952b0b93cb199f153e65a40f6d52", "key": "sourceData"}, {"hash": "48b40699da2a3a923acc49cee033624f", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2018-09-01T23:44:27", "modified": "2018-08-03T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/03 12:21:24\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:44:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e4fbb3628ab1944053498fff1b157b41792080d82ee0520846d574deba2d834d", "hashmap": [{"hash": "32786eac6dc4ab274900f630c92f6d3c", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "ddab325b78ee84639dc78b61e4febc39", "key": "modified"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "48b40699da2a3a923acc49cee033624f", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2017-10-29T13:37:30", "modified": "2016-05-24T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/24 17:37:07 $\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_osvdb_id(62857, 62950, 115187);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:37:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "f51d28ae4efb838360e0c9631400d9af17e00e65b3a4d5d6505c1b66d80baf71", "hashmap": [{"hash": "15be2a657cef5a8e2709ed38a31c96ae", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0f4d286923929d54437b5c602e5e79eb", "key": "sourceData"}, {"hash": "4e4647c0d8c08aca7129a55bf5b360fa", "key": "published"}, {"hash": "0b7bc3d628637c0ff555114c533a3dda", "key": "modified"}, {"hash": "31e7a667f36ce7931861fd6f03ff2562", "key": "href"}, {"hash": "facb28268e1917f264d516f9cbc579d8", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "abcca042386f08c394305409e8bbe29b", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "68885b121c09dbce3c35b55b4c47ffa8", "key": "pluginID"}, {"hash": "30fcd7a32cd197eb5fe45b5f5e316333", "key": "title"}, {"hash": "48b40699da2a3a923acc49cee033624f", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=80441", "id": "UBUNTU_USN-2456-1.NASL", "lastseen": "2018-12-02T15:30:06", "modified": "2018-12-01T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "80441", "published": "2015-01-09T00:00:00", "references": ["https://usn.ubuntu.com/2456-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2456-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-12-02T15:30:06"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "48b40699da2a3a923acc49cee033624f"}, {"key": "cvelist", "hash": "facb28268e1917f264d516f9cbc579d8"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "a4c192c993de10fe7afc6c4dfbff1dc2"}, {"key": "href", "hash": "31e7a667f36ce7931861fd6f03ff2562"}, {"key": "modified", "hash": "0b7bc3d628637c0ff555114c533a3dda"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "68885b121c09dbce3c35b55b4c47ffa8"}, {"key": "published", "hash": "4e4647c0d8c08aca7129a55bf5b360fa"}, {"key": "references", "hash": "15be2a657cef5a8e2709ed38a31c96ae"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0f4d286923929d54437b5c602e5e79eb"}, {"key": "title", "hash": "30fcd7a32cd197eb5fe45b5f5e316333"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ad30bca649a4fabc7d76bab51f5e98c4d688628c39672e09e34d4371b9dac4b5", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2456-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80441);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2010-0624\", \"CVE-2014-9112\");\n script_bugtraq_id(38628, 71248);\n script_xref(name:\"USN\", value:\"2456-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cpio vulnerabilities (USN-2456-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in the\nprocess_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2456-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"cpio\", pkgver:\"2.10-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"cpio\", pkgver:\"2.11-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"cpio\", pkgver:\"2.11+dfsg-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "80441", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:cpio", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"]}
{"cve": [{"lastseen": "2017-09-08T10:27:07", "references": ["http://www.openwall.com/lists/oss-security/2014/11/25/2", "http://secunia.com/advisories/62145", "http://www.securityfocus.com/bid/71248", "http://www.ubuntu.com/usn/USN-2456-1", "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918", "http://www.openwall.com/lists/oss-security/2014/11/26/20", "http://www.debian.org/security/2014/dsa-3111", "https://savannah.gnu.org/bugs/?43709", "http://seclists.org/fulldisclosure/2014/Nov/74", "http://www.openwall.com/lists/oss-security/2014/11/23/2", "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"], "edition": 3, "description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", "reporter": "NVD", "published": "2014-12-02T11:59:05", "title": "CVE-2014-9112", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9112"], "scanner": [], "cpe": ["cpe:/a:gnu:cpio:2.11", "cpe:/o:debian:debian_linux:7.0"], "modified": "2017-09-07T21:29:32", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9112", "id": "CVE-2014-9112", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-11T11:34:15", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html", "http://www.redhat.com/support/errata/RHSA-2010-0144.html", "http://www.securityfocus.com/archive/1/514503/100/0/threaded", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:065", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html", "http://www.ubuntu.com/usn/USN-2456-1", "http://www.redhat.com/support/errata/RHSA-2010-0142.html", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html", "http://www.vupen.com/english/advisories/2010/1107", "http://www.vupen.com/english/advisories/2010/0728", "http://www.agrs.tu-berlin.de/index.php?id=78327", "https://bugzilla.redhat.com/show_bug.cgi?id=564368", "http://www.redhat.com/support/errata/RHSA-2010-0145.html", "http://www.vupen.com/english/advisories/2010/0687", "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html", "http://www.vupen.com/english/advisories/2010/0729", "http://www.redhat.com/support/errata/RHSA-2010-0141.html", "http://www.vupen.com/english/advisories/2010/0629", "https://issues.rpath.com/browse/RPL-3219", "http://security.gentoo.org/glsa/glsa-201111-11.xml", "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html", "http://www.vupen.com/english/advisories/2010/0639", "http://www.vupen.com/english/advisories/2010/0628"], "description": "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.", "edition": 4, "reporter": "NVD", "published": "2010-03-15T09:28:25", "title": "CVE-2010-0624", "type": "cve", "enchantments": {"score": {"modified": "2018-10-11T11:34:15", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10277", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0624"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10277", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10277"}], "modified": "2018-10-10T15:53:12", "cpe": ["cpe:/a:gnu:tar:1.20", "cpe:/a:gnu:cpio:1.2", "cpe:/a:gnu:tar:1.16", "cpe:/a:gnu:tar:1.14.90", "cpe:/a:gnu:tar:1.13.14", "cpe:/a:gnu:tar:1.14.1", "cpe:/a:gnu:tar:1.15.1", "cpe:/a:gnu:tar:1.13.18", "cpe:/a:gnu:cpio:2.6", "cpe:/a:gnu:tar:1.13.16", "cpe:/a:gnu:tar:1.13.19", "cpe:/a:gnu:tar:1.18", "cpe:/a:gnu:tar:1.14", "cpe:/a:gnu:cpio:2.7", "cpe:/a:gnu:cpio:2.10", "cpe:/a:gnu:tar:1.15", "cpe:/a:gnu:tar:1.17", "cpe:/a:gnu:cpio:2.9", "cpe:/a:gnu:tar:1.13.17", "cpe:/a:gnu:tar:1.15.91", "cpe:/a:gnu:tar:1.13.5", "cpe:/a:gnu:tar:1.21", "cpe:/a:gnu:cpio:1.1", "cpe:/a:gnu:tar:1.16.1", "cpe:/a:gnu:tar:1.22", "cpe:/a:gnu:cpio:1.3", "cpe:/a:gnu:tar:1.15.90", "cpe:/a:gnu:tar:1.13.11", "cpe:/a:gnu:tar:1.13", "cpe:/a:gnu:tar:1.19", "cpe:/a:gnu:cpio:2.4-2", "cpe:/a:gnu:tar:1.13.25", "cpe:/a:gnu:cpio:2.5.90", "cpe:/a:gnu:cpio:2.5", "cpe:/a:gnu:cpio:1.0", "cpe:/a:gnu:cpio:2.8"], "id": "CVE-2010-0624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:01:07", "references": ["http://www.ubuntu.com/usn/usn-2456-1/", "2456-1"], "pluginID": "1361412562310842040", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-23T00:00:00", "title": "Ubuntu Update for cpio USN-2456-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for cpio USN-2456-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842040\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:52 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9112\", \"CVE-2010-0624\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for cpio USN-2456-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Michal Zalewski discovered an out of bounds\nwrite issue in the process_copy_in function of GNU cpio. An attacker could specially\ncraft a cpio archive that could create a denial of service or possibly\nexecute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__\nfunction of GNU cpio's rmt client functionality. An attacker\ncontrolling a remote rmt server could use this to cause a denial of\nservice or possibly execute arbitrary code. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-0624)\");\n script_tag(name:\"affected\", value:\"cpio on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2456-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2456-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-2ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11-7ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.10-1ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:51", "references": ["2014-16168", "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146364.html"], "pluginID": "1361412562310868805", "description": "Check the version of cpio", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for cpio FEDORA-2014-16168", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cpio FEDORA-2014-16168\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868805\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:54:24 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for cpio FEDORA-2014-16168\");\n script_tag(name: \"summary\", value: \"Check the version of cpio\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"GNU cpio copies files into or out of a cpio or tar archive. Archives\nare files which contain a collection of other files plus information\nabout them, such as their file name, owner, timestamps, and access\npermissions. The archive can be another file on the disk, a magnetic\ntape, or a pipe. GNU cpio supports the following archive formats: binary,\nold ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1\ntar. By default, cpio creates binary format archives, so that they are\ncompatible with older cpio programs. When it is extracting files from\narchives, cpio automatically recognizes which kind of archive it is reading\nand can read archives created on machines with a different byte-order.\n\nInstall cpio if you need a program to manage file archives.\n\");\n script_tag(name: \"affected\", value: \"cpio on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16168\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146364.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~33.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:59", "references": ["http://linux.oracle.com/errata/ELSA-2015-2108.html"], "pluginID": "1361412562310122738", "description": "Oracle Linux Local Security Checks ELSA-2015-2108", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-11-24T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-2108", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2108.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122738\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:16 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2108\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2108 - cpio security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2108\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2108.html\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~24.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-28T10:49:05", "references": ["http://www.debian.org/security/2014/dsa-3111.html"], "pluginID": "703111", "description": "Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-22T00:00:00", "title": "Debian Security Advisory DSA 3111-1 (cpio - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2017-07-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703111", "id": "OPENVAS:703111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3111.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 3111-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703111);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-9112\");\n script_name(\"Debian Security Advisory DSA 3111-1 (cpio - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-22 00:00:00 +0100 (Mon, 22 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3111.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"cpio on Debian Linux\");\n script_tag(name: \"insight\", value: \"GNU cpio is a tool for creating\nand extracting archives, or copying files from one place to another. It handles\na number of cpio formats as well as reading and writing tar files.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\");\n script_tag(name: \"summary\", value: \"Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cpio-win32\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:15", "references": ["2015:2108-03", "https://www.redhat.com/archives/rhsa-announce/2015-November/msg00020.html"], "pluginID": "1361412562310871486", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-11-20T00:00:00", "title": "RedHat Update for cpio RHSA-2015:2108-03", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871486", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for cpio RHSA-2015:2108-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871486\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:20:39 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2014-9112\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for cpio RHSA-2015:2108-03\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cpio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The cpio packages provide the GNU cpio\nutility for creating and extracting archives, or copying files from one place\nto another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n * Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n * Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\");\n script_tag(name:\"affected\", value:\"cpio on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2108-03\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00020.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.11~24.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cpio-debuginfo\", rpm:\"cpio-debuginfo~2.11~24.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:48", "references": ["http://www.debian.org/security/2014/dsa-3111.html"], "pluginID": "1361412562310703111", "description": "Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-12-22T00:00:00", "title": "Debian Security Advisory DSA 3111-1 (cpio - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3111.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3111-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703111\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-9112\");\n script_name(\"Debian Security Advisory DSA 3111-1 (cpio - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-22 00:00:00 +0100 (Mon, 22 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3111.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"cpio on Debian Linux\");\n script_tag(name: \"insight\", value: \"GNU cpio is a tool for creating\nand extracting archives, or copying files from one place to another. It handles\na number of cpio formats as well as reading and writing tar files.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\");\n script_tag(name: \"summary\", value: \"Michal Zalewski discovered\nan out of bounds write issue in cpio, a tool for creating and extracting cpio\narchive files. In the process of fixing that issue, the cpio developers found\nand fixed additional range checking and null pointer dereference issues.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cpio\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cpio-win32\", ver:\"2.11+dfsg-0.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:25", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-March/016572.html", "2010:0143"], "pluginID": "880373", "description": "Check for the Version of cpio", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "CentOS Update for cpio CESA-2010:0143 centos4 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0624"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880373", "id": "OPENVAS:880373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cpio CESA-2010:0143 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GNU cpio copies files into or out of a cpio or tar archive.\n\n A heap-based buffer overflow flaw was found in the way cpio expanded\n archive files. If a user were tricked into expanding a specially-crafted\n archive, it could cause the cpio executable to crash or execute arbitrary\n code with the privileges of the user running cpio. (CVE-2010-0624)\n \n Red Hat would like to thank Jakob Lell for responsibly reporting this\n issue.\n \n Users of cpio are advised to upgrade to this updated package, which\n contains a backported patch to correct this issue.\";\n\ntag_affected = \"cpio on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-March/016572.html\");\n script_id(880373);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0143\");\n script_cve_id(\"CVE-2010-0624\");\n script_name(\"CentOS Update for cpio CESA-2010:0143 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cpio\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cpio\", rpm:\"cpio~2.5~16.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:09", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-March/016564.html", "2010:0142"], "pluginID": "880372", "description": "Check for the Version of tar", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for tar CESA-2010:0142 centos3 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0624"], "modified": "2017-12-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880372", "id": "OPENVAS:880372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tar CESA-2010:0142 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GNU tar program saves many files together in one archive and can\n restore individual files (or all of the files) from that archive.\n\n A heap-based buffer overflow flaw was found in the way tar expanded archive\n files. If a user were tricked into expanding a specially-crafted archive,\n it could cause the tar executable to crash or execute arbitrary code with\n the privileges of the user running tar. (CVE-2010-0624)\n \n Red Hat would like to thank Jakob Lell for responsibly reporting this\n issue.\n \n Users of tar are advised to upgrade to this updated package, which contains\n a backported patch to correct this issue.\";\n\ntag_affected = \"tar on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-March/016564.html\");\n script_id(880372);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0142\");\n script_cve_id(\"CVE-2010-0624\");\n script_name(\"CentOS Update for tar CESA-2010:0142 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tar\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~16.RHEL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:56", "references": ["https://www.redhat.com/archives/rhsa-announce/2010-March/msg00007.html", "2010:0142-01"], "pluginID": "870229", "description": "Check for the Version of tar", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "RedHat Update for tar RHSA-2010:0142-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0624"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870229", "id": "OPENVAS:870229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tar RHSA-2010:0142-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GNU tar program saves many files together in one archive and can\n restore individual files (or all of the files) from that archive.\n\n A heap-based buffer overflow flaw was found in the way tar expanded archive\n files. If a user were tricked into expanding a specially-crafted archive,\n it could cause the tar executable to crash or execute arbitrary code with\n the privileges of the user running tar. (CVE-2010-0624)\n \n Red Hat would like to thank Jakob Lell for responsibly reporting this\n issue.\n \n Users of tar are advised to upgrade to this updated package, which contains\n a backported patch to correct this issue.\";\n\ntag_affected = \"tar on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00007.html\");\n script_id(870229);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0142-01\");\n script_cve_id(\"CVE-2010-0624\");\n script_name(\"RedHat Update for tar RHSA-2010:0142-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tar\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~16.RHEL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tar-debuginfo\", rpm:\"tar-debuginfo~1.13.25~16.RHEL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:22", "references": ["2010:065", "http://lists.mandriva.com/security-announce/2010-02/msg00024.php"], "pluginID": "1361412562310830892", "description": "Check for the Version of mandriva-release", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-02-19T00:00:00", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:065 (mandriva-release)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0624"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830892", "id": "OPENVAS:1361412562310830892", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:065 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mandriva-release on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_insight = \"Add the extended maintenance access support for 2008.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00024.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830892\");\n script_version(\"$Revision: 8187 $\");\n script_cve_id(\"CVE-2010-0624\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:065\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:065 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Flash\", rpm:\"mandriva-release-Flash~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Free\", rpm:\"mandriva-release-Free~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-One\", rpm:\"mandriva-release-One~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Powerpack\", rpm:\"mandriva-release-Powerpack~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9112", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.11+dfsg-2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cpio", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.10-1ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cpio", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.11-7ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cpio", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.11+dfsg-1ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "cpio", "operator": "lt"}], "description": "Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112)\n\nJakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio\u2019s rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624)", "edition": 3, "reporter": "Ubuntu", "published": "2015-01-08T00:00:00", "title": "GNU cpio vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112", "CVE-2010-0624"], "modified": "2015-01-08T00:00:00", "id": "USN-2456-1", "href": "https://usn.ubuntu.com/2456-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:22:47", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-November/005553.html"], "pluginID": "87021", "description": "From Red Hat Security Advisory 2015:2108 :\n\nUpdated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2015-11-24T00:00:00", "title": "Oracle Linux 7 : cpio (ELSA-2015-2108)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:cpio"], "id": "ORACLELINUX_ELSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2108 and \n# Oracle Linux Security Advisory ELSA-2015-2108 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87021);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"Oracle Linux 7 : cpio (ELSA-2015-2108)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2108 :\n\nUpdated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005553.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:48", "references": ["http://www.nessus.org/u?03ba2aaf"], "pluginID": "87130", "description": "Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 8, "reporter": "Tenable", "published": "2015-12-02T00:00:00", "title": "CentOS 7 : cpio (CESA-2015:2108)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:cpio", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2108 and \n# CentOS Errata and Security Advisory 2015:2108 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87130);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"CentOS 7 : cpio (CESA-2015:2108)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03ba2aaf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:28", "references": ["http://www.nessus.org/u?c72b40a5", "https://bugzilla.redhat.com/show_bug.cgi?id=1167571"], "pluginID": "80089", "description": "Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2014-12-18T00:00:00", "title": "Fedora 21 : cpio-2.11-33.fc21 (2014-16168)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cpio", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-16168.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16168.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80089);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"FEDORA\", value:\"2014-16168\");\n\n script_name(english:\"Fedora 21 : cpio-2.11-33.fc21 (2014-16168)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167571\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146364.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c72b40a5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"cpio-2.11-33.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:32", "references": ["https://www.debian.org/security/2014/dsa-3111", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793", "https://packages.debian.org/source/wheezy/cpio"], "pluginID": "80284", "description": "Michal Zalewski discovered an out of bounds write issue in cpio, a\ntool for creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and NULL pointer dereference issues.", "edition": 7, "reporter": "Tenable", "published": "2014-12-30T00:00:00", "title": "Debian DSA-3111-1 : cpio - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cpio", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3111. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80284);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"DSA\", value:\"3111\");\n\n script_name(english:\"Debian DSA-3111-1 : cpio - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered an out of bounds write issue in cpio, a\ntool for creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and NULL pointer dereference issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/cpio\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cpio packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"cpio\", reference:\"2.11+dfsg-0.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"cpio-win32\", reference:\"2.11+dfsg-0.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:27", "references": ["https://lists.opensuse.org/opensuse-updates/2014-12/msg00061.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=907456"], "pluginID": "80044", "description": "This cpio update fixes the following secuirty issue :\n\n - fix an OOB write with cpio -i (bnc#907456)\n (CVE-2014-9112)", "edition": 6, "reporter": "Tenable", "published": "2014-12-16T00:00:00", "title": "openSUSE Security Update : cpio (openSUSE-SU-2014:1643-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cpio-debuginfo", "p-cpe:/a:novell:opensuse:cpio", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:cpio-debugsource", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:cpio-lang", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80044", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-771.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80044);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-9112\");\n\n script_name(english:\"openSUSE Security Update : cpio (openSUSE-SU-2014:1643-1)\");\n script_summary(english:\"Check for the openSUSE-2014-771 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This cpio update fixes the following secuirty issue :\n\n - fix an OOB write with cpio -i (bnc#907456)\n (CVE-2014-9112)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00061.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cpio-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-debuginfo-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-debugsource-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"cpio-lang-2.11-21.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-debuginfo-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-debugsource-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cpio-lang-2.11-25.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-debuginfo-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-debugsource-2.11-29.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cpio-lang-2.11-29.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio / cpio-debuginfo / cpio-debugsource / cpio-lang\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:26", "references": ["http://advisories.mageia.org/MGASA-2014-0528.html"], "pluginID": "79995", "description": "Updated cpio package fixes security vulnerability :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio\n2.11 allows remote attackers to cause a denial of service via a large\nblock value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function\nwhich could cause a denial of service has also been fixed.", "edition": 7, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:cpio"], "id": "MANDRIVA_MDVSA-2014-250.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79995", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:250. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79995);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"MDVSA\", value:\"2014:250\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cpio (MDVSA-2014:250)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio package fixes security vulnerability :\n\nHeap-based buffer overflow in the process_copy_in function in GNU Cpio\n2.11 allows remote attackers to cause a denial of service via a large\nblock value in a cpio archive (CVE-2014-9112).\n\nAdditionally, a NULL pointer dereference in the copyin_link function\nwhich could cause a denial of service has also been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0528.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"cpio-2.11-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:06", "references": ["https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html", "https://packages.debian.org/source/squeeze-lts/cpio"], "pluginID": "82095", "description": "Multiple issues have been identified in cpio, including a buffer\noverflow and multiple NULL pointer dereference, resulting at least in\na denial of service and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by\napplying the upstream patches.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "title": "Debian DLA-111-1 : cpio security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:cpio", "p-cpe:/a:debian:debian_linux:cpio-win32"], "id": "DEBIAN_DLA-111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-111-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82095);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n\n script_name(english:\"Debian DLA-111-1 : cpio security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple issues have been identified in cpio, including a buffer\noverflow and multiple NULL pointer dereference, resulting at least in\na denial of service and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by\napplying the upstream patches.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/12/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/cpio\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected cpio, and cpio-win32 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cpio-win32\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"cpio\", reference:\"2.11-4+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"cpio-win32\", reference:\"2.11-4+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:33", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1167571", "http://www.nessus.org/u?59a216bf"], "pluginID": "80364", "description": "Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-01-06T00:00:00", "title": "Fedora 20 : cpio-2.11-28.fc20 (2014-16250)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cpio", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-16250.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80364);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:21\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_bugtraq_id(71248);\n script_xref(name:\"FEDORA\", value:\"2014-16250\");\n\n script_name(english:\"Fedora 20 : cpio-2.11-28.fc20 (2014-16250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9112 (#1167573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167571\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147581.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59a216bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cpio package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"cpio-2.11-28.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:46", "references": ["https://access.redhat.com/security/cve/cve-2014-9112", "https://access.redhat.com/errata/RHSA-2015:2108"], "pluginID": "86969", "description": "Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 10, "reporter": "Tenable", "published": "2015-11-20T00:00:00", "title": "RHEL 7 : cpio (RHSA-2015:2108)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cpio", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:cpio-debuginfo"], "id": "REDHAT-RHSA-2015-2108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86969", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2108. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86969);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2014-9112\");\n script_xref(name:\"RHSA\", value:\"2015:2108\");\n\n script_name(english:\"RHEL 7 : cpio (RHSA-2015:2108)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated cpio packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe cpio packages provide the GNU cpio utility for creating and\nextracting archives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file()\nfunction. An attacker could provide a specially crafted archive that,\nwhen processed by cpio, would crash cpio, or potentially lead to\narbitrary code execution. (CVE-2014-9112)\n\nThis update fixes the following bugs :\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call\nsucceeded, cpio terminated unexpectedly with a segmentation fault\nwithout processing further files. The underlying source code has been\npatched, and an archive is now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in\nspelling. This has been corrected and the Russian error message is\nspelled correctly. (BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9112\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cpio and / or cpio-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cpio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2108\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cpio-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"cpio-debuginfo-2.11-24.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cpio-debuginfo-2.11-24.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpio / cpio-debuginfo\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:29", "references": ["http://support.novell.com/security/cve/CVE-2014-9112.html", "https://bugzilla.novell.com/show_bug.cgi?id=907456"], "pluginID": "80165", "description": "This cpio update fixes the following security issue :\n\n - heap-based buffer overflow flaw in list_file()\n (CVE-2014-9112). (bnc#907456)", "edition": 5, "reporter": "Tenable", "published": "2014-12-22T00:00:00", "title": "SuSE 11.3 Security Update : cpio (SAT Patch Number 10070)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9112"], "modified": "2014-12-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cpio-lang", "p-cpe:/a:novell:suse_linux:11:cpio", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CPIO-141204.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80165);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/12/22 14:33:18 $\");\n\n script_cve_id(\"CVE-2014-9112\");\n\n script_name(english:\"SuSE 11.3 Security Update : cpio (SAT Patch Number 10070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This cpio update fixes the following security issue :\n\n - heap-based buffer overflow flaw in list_file()\n (CVE-2014-9112). (bnc#907456)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9112.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10070.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cpio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cpio-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"cpio-lang-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"cpio-lang-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cpio-2.9-75.78.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"cpio-lang-2.9-75.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:16", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.11-24.el7", "arch": "aarch64", "packageName": "cpio", "packageFilename": "cpio-2.11-24.el7.aarch64.rpm", "operator": "lt"}], "description": "The cpio packages provide the GNU cpio utility for creating and extracting\narchives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "reporter": "RedHat", "published": "2015-11-19T19:43:07", "type": "redhat", "title": "(RHSA-2015:2108) Moderate: cpio security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:31:37", "id": "RHSA-2015:2108", "href": "https://access.redhat.com/errata/RHSA-2015:2108", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-05-27T21:41:43", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.13.25-16.RHEL3", "arch": "ppc", "packageName": "tar", "packageFilename": "tar-1.13.25-16.RHEL3.ppc.rpm", "operator": "lt"}], "description": "The GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nA heap-based buffer overflow flaw was found in the way tar expanded archive\nfiles. If a user were tricked into expanding a specially-crafted archive,\nit could cause the tar executable to crash or execute arbitrary code with\nthe privileges of the user running tar. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting this\nissue.\n\nUsers of tar are advised to upgrade to this updated package, which contains\na backported patch to correct this issue.", "reporter": "RedHat", "published": "2010-03-15T04:00:00", "type": "redhat", "title": "(RHSA-2010:0142) Moderate: tar security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0142", "href": "https://access.redhat.com/errata/RHSA-2010:0142", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:41:14", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "i386", "packageName": "cpio", "packageFilename": "cpio-2.5-16.el4_8.1.i386.rpm", "operator": "lt"}], "description": "GNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting this\nissue.\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "reporter": "RedHat", "published": "2010-03-15T04:00:00", "type": "redhat", "title": "(RHSA-2010:0143) Moderate: cpio security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:09:05", "id": "RHSA-2010:0143", "href": "https://access.redhat.com/errata/RHSA-2010:0143", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:55", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "i386", "packageName": "cpio", "packageFilename": "cpio-2.6-23.el5_4.1.i386.rpm", "operator": "lt"}], "description": "GNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA denial of service flaw was found in the way cpio expanded archive files.\nIf a user expanded a specially-crafted archive, it could cause the cpio\nexecutable to crash. (CVE-2007-4476)\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.", "reporter": "RedHat", "published": "2010-03-15T04:00:00", "type": "redhat", "title": "(RHSA-2010:0144) Moderate: cpio security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:17:35", "id": "RHSA-2010:0144", "href": "https://access.redhat.com/errata/RHSA-2010:0144", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-27T21:43:06", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.5-6.RHEL3", "arch": "ppc", "packageName": "cpio", "packageFilename": "cpio-2.5-6.RHEL3.ppc.rpm", "operator": "lt"}], "description": "GNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA stack-based buffer overflow flaw was found in the way cpio expanded large\narchive files. If a user expanded a specially-crafted archive, it could\ncause the cpio executable to crash. This issue only affected 64-bit\nplatforms. (CVE-2005-4268)\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.", "reporter": "RedHat", "published": "2010-03-15T04:00:00", "type": "redhat", "title": "(RHSA-2010:0145) Moderate: cpio security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-4268", "CVE-2010-0624"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0145", "href": "https://access.redhat.com/errata/RHSA-2010:0145", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:04", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.14-13.el4_8.1.i386.rpm", "operator": "lt"}], "description": "The GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nA heap-based buffer overflow flaw was found in the way tar expanded archive\nfiles. If a user were tricked into expanding a specially-crafted archive,\nit could cause the tar executable to crash or execute arbitrary code with\nthe privileges of the user running tar. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA denial of service flaw was found in the way tar expanded archive files.\nIf a user expanded a specially-crafted archive, it could cause the tar\nexecutable to crash. (CVE-2007-4476)\n\nUsers of tar are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "reporter": "RedHat", "published": "2010-03-15T04:00:00", "type": "redhat", "title": "(RHSA-2010:0141) Moderate: tar security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:06:58", "id": "RHSA-2010:0141", "href": "https://access.redhat.com/errata/RHSA-2010:0141", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:45:23", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.4-2.1.12.1.el5_4rhev2_1", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageFilename": "rhev-hypervisor-pxe-5.4-2.1.12.1.el5_4rhev2_1.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\n(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated\nKernel-based Virtual Machine (KVM) hypervisor. It includes everything\nnecessary to run and manage virtual machines: A subset of the Red Hat\nEnterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: RHEV Hypervisor is only available for the Intel 64 and AMD64\narchitectures with virtualization extensions.\n\nIt was discovered that OpenSSL did not always check the return value of\nthe bn_wexpand() function. An attacker able to trigger a memory allocation\nfailure in that function could cause an application using the OpenSSL\nlibrary to crash or, possibly, execute arbitrary code. (CVE-2009-3245)\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw in openssl, nss, and\ngnutls by implementing the TLS Renegotiation Indication Extension, as\ndefined in RFC 5746. (CVE-2009-3555)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for RHEV\nHypervisor. These fixes are for kernel issues CVE-2009-4307, CVE-2010-0727,\nCVE-2009-4027, and CVE-2010-1188; cpio issues CVE-2010-0624 and\nCVE-2007-4476; gnutls issue CVE-2009-2409; openssl issue CVE-2010-0433; and\ntar issues CVE-2010-0624 and CVE-2007-4476.\n\nThis update also fixes the following bugs:\n\n* bridged network interfaces using the bnx2x, mlx4_en, enic and s2io\ndrivers had Large Receive Offload (LRO) enabled by default. This caused\nsignificantly degraded network I/O performance. LRO has been disabled for\nall network interface drivers which have LRO enabled by default in Red Hat\nEnterprise Linux 5. With this change, network I/O performance is\nsignificantly improved. (BZ#576374, BZ#579730)\n\n* RHEV Hypervisor supported IPv6, but as this is not used to communicate\nwith the RHEV Manager, it is superfluous. Support for IPv6 has now been\ndisabled in RHEV Hypervisor. (BZ#577300)\n\n* for VLAN interfaces, the hardware (MAC) address of the interface was set\nonly in the VLAN ifcfg script, not in the physical interface ifcfg script.\nThis caused network interfaces with VLAN tags to intermittently fail on\nboot. The MAC address is now set in the ifcfg script for the underlying\nphysical interface. Network interfaces with VLAN tags now work consistently\nbetween reboots. (BZ#581876)\n\n* the hypervisor would hang on reboot after repeated upgrade operations,\ndue to GRUB accessing the /boot file system before it was flushed. The\n/boot file system is now remounted before GRUB accesses it. (BZ#591111)\n\nAs RHEV Hypervisor is based on KVM, the bug fixes from the KVM update\nRHBA-2010:0434 have been included in this update. Also included are the bug\nfixes from the RHEV Manager Agent (VDSM) update RHBA-2010:0435.\n\nKVM: https://rhn.redhat.com/errata/RHBA-2010-0434.html\nVDSM: https://rhn.redhat.com/errata/RHBA-2010-0435.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "reporter": "RedHat", "published": "2010-05-25T04:00:00", "type": "redhat", "title": "(RHSA-2010:0440) Important: rhev-hypervisor security and bug fix update", "enchantments": {"score": {"modified": "2018-12-11T17:45:23", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2009-2409", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0433", "CVE-2010-0624", "CVE-2010-0727", "CVE-2010-1188"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-25T06:35:03", "id": "RHSA-2010:0440", "href": "https://access.redhat.com/errata/RHSA-2010:0440", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:40", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11-24.el7", "arch": "src", "packageFilename": "cpio-2.11-24.el7.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11-24.el7", "arch": "x86_64", "packageFilename": "cpio-2.11-24.el7.x86_64.rpm", "packageName": "cpio", "operator": "lt"}], "description": "[2.11-24]\n- fix for CVE-2014-9112\n[2.11-23]\n- better check for read() error (rhbz#1138148)\n- fix ru translation (rhbz#1075513)", "edition": 3, "reporter": "Oracle", "published": "2015-11-23T00:00:00", "title": "cpio security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2108", "href": "http://linux.oracle.com/errata/ELSA-2015-2108.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "arch": "x86_64", "packageFilename": "cpio-2.5-6.RHEL3.x86_64.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "arch": "i386", "packageFilename": "cpio-2.5-6.RHEL3.i386.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "arch": "src", "packageFilename": "cpio-2.5-6.RHEL3.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "arch": "src", "packageFilename": "cpio-2.5-6.RHEL3.src.rpm", "packageName": "cpio", "operator": "lt"}], "description": "[2.5-6]\n- CVE-2010-0624 fix heap-based buffer overflow by expanding\n a specially-crafted archive\n[2.5-5.RHEL3]\n- fix buffer overflow on 64-bit systems (#229191)", "edition": 3, "reporter": "Oracle", "published": "2010-03-15T00:00:00", "title": "cpio security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-15T00:00:00", "id": "ELSA-2010-0145", "href": "http://linux.oracle.com/errata/ELSA-2010-0145.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:49:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "i386", "packageFilename": "tar-1.13.25-16.RHEL3.i386.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "src", "packageFilename": "tar-1.13.25-16.RHEL3.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "src", "packageFilename": "tar-1.13.25-16.RHEL3.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "x86_64", "packageFilename": "tar-1.13.25-16.RHEL3.x86_64.rpm", "packageName": "tar", "operator": "lt"}], "description": "[1.13.25-16.RHEL3]\n- CVE-2010-0624 - fix heap-based buffer overflow by expanding\n a specially-crafted archive", "edition": 3, "reporter": "Oracle", "published": "2010-03-15T00:00:00", "title": "tar security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-15T00:00:00", "id": "ELSA-2010-0142", "href": "http://linux.oracle.com/errata/ELSA-2010-0142.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:39:41", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "x86_64", "packageFilename": "cpio-2.5-16.el4_8.1.x86_64.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "i386", "packageFilename": "cpio-2.5-16.el4_8.1.i386.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "ia64", "packageFilename": "cpio-2.5-16.el4_8.1.ia64.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "src", "packageFilename": "cpio-2.5-16.el4_8.1.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "src", "packageFilename": "cpio-2.5-16.el4_8.1.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "src", "packageFilename": "cpio-2.5-16.el4_8.1.src.rpm", "packageName": "cpio", "operator": "lt"}], "description": "[2.5-16.1]\n- CVE-2010-0624 fix heap-based buffer overflow by expanding\n a specially-crafted archive", "edition": 3, "reporter": "Oracle", "published": "2010-03-15T00:00:00", "title": "cpio security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-15T00:00:00", "id": "ELSA-2010-0143", "href": "http://linux.oracle.com/errata/ELSA-2010-0143.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:51", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "src", "packageFilename": "cpio-2.6-23.el5_4.1.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "src", "packageFilename": "cpio-2.6-23.el5_4.1.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "src", "packageFilename": "cpio-2.6-23.el5_4.1.src.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "i386", "packageFilename": "cpio-2.6-23.el5_4.1.i386.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "ia64", "packageFilename": "cpio-2.6-23.el5_4.1.ia64.rpm", "packageName": "cpio", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "arch": "x86_64", "packageFilename": "cpio-2.6-23.el5_4.1.x86_64.rpm", "packageName": "cpio", "operator": "lt"}], "description": "[2.6-23.1]\n- CVE-2010-0624 fix heap-based buffer overflow by expanding\n a specially-crafted archive\n- CVE-2007-4476 fix stack crashing in safer_name_suffix ", "edition": 3, "reporter": "Oracle", "published": "2010-03-15T00:00:00", "title": "cpio security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "modified": "2010-03-15T00:00:00", "id": "ELSA-2010-0144", "href": "http://linux.oracle.com/errata/ELSA-2010-0144.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:43:53", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "ia64", "packageFilename": "tar-1.14-13.el4_8.1.ia64.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "x86_64", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "i386", "packageFilename": "tar-1.14-13.el4_8.1.i386.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "src", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "src", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "src", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "ia64", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.ia64.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "i386", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.i386.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "x86_64", "packageFilename": "tar-1.14-13.el4_8.1.x86_64.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "src", "packageFilename": "tar-1.14-13.el4_8.1.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "src", "packageFilename": "tar-1.14-13.el4_8.1.src.rpm", "packageName": "tar", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "src", "packageFilename": "tar-1.14-13.el4_8.1.src.rpm", "packageName": "tar", "operator": "lt"}], "description": "[2:1.15.1-23.0.1.2]\n- CVE-2007-4476 - fix stack crashing in safer_name_suffix\n- CVE-2010-0624 - fix heap-based buffer overflow by expanding\n a specially-crafted archive ", "edition": 3, "reporter": "Oracle", "published": "2010-03-15T00:00:00", "title": "tar security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "modified": "2010-03-15T00:00:00", "id": "ELSA-2010-0141", "href": "http://linux.oracle.com/errata/ELSA-2010-0141.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:26:21", "references": ["https://rhn.redhat.com/errata/RHSA-2015-2108.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11-24.el7", "packageFilename": "cpio-2.11-24.el7.x86_64.rpm", "packageName": "cpio", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:2108\n\n\nThe cpio packages provide the GNU cpio utility for creating and extracting\narchives, or copying files from one place to another.\n\nA heap-based buffer overflow flaw was found in cpio's list_file() function.\nAn attacker could provide a specially crafted archive that, when processed\nby cpio, would crash cpio, or potentially lead to arbitrary code execution.\n(CVE-2014-9112)\n\nThis update fixes the following bugs:\n\n* Previously, during archive creation, cpio internals did not detect a\nread() system call failure. Based on the premise that the call succeeded,\ncpio terminated unexpectedly with a segmentation fault without processing\nfurther files. The underlying source code has been patched, and an archive\nis now created successfully. (BZ#1138148)\n\n* Previously, running the cpio command without parameters on Red Hat\nEnterprise Linux 7 with Russian as the default language resulted in an\nerror message that was not accurate in Russian due to an error in spelling.\nThis has been corrected and the Russian error message is spelled correctly.\n(BZ#1075513)\n\nAll cpio users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002174.html\n\n**Affected packages:**\ncpio\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2108.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-11-30T19:26:10", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "cpio security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "modified": "2015-11-30T19:26:10", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002174.html", "id": "CESA-2015:2108", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:05", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0143.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "i386", "packageName": "cpio", "packageFilename": "cpio-2.5-16.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "any", "packageName": "cpio", "packageFilename": "cpio-2.5-16.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "any", "packageName": "cpio", "packageFilename": "cpio-2.5-16.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5-16.el4_8.1", "arch": "x86_64", "packageName": "cpio", "packageFilename": "cpio-2.5-16.el4_8.1.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0143\n\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting this\nissue.\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016572.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016573.html\n\n**Affected packages:**\ncpio\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0143.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-03-17T16:35:58", "title": "cpio security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-17T16:36:17", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016572.html", "id": "CESA-2010:0143", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:45:38", "references": ["http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2010-0142.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.13.25-16.RHEL3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "x86_64", "packageName": "tar", "packageFilename": "tar-1.13.25-16.RHEL3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.13.25-16.RHEL3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.13.25-16.RHEL3", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.13.25-16.RHEL3.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0142\n\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nA heap-based buffer overflow flaw was found in the way tar expanded archive\nfiles. If a user were tricked into expanding a specially-crafted archive,\nit could cause the tar executable to crash or execute arbitrary code with\nthe privileges of the user running tar. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting this\nissue.\n\nUsers of tar are advised to upgrade to this updated package, which contains\na backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016564.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016565.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0142.html", "edition": 2, "reporter": "CentOS Project", "published": "2010-03-17T16:26:37", "title": "tar security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-17T16:26:50", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016564.html", "id": "CESA-2010:0142", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:18", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0144.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "packageFilename": "cpio-2.6-23.el5_4.1.x86_64.rpm", "packageName": "cpio", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "packageFilename": "cpio-2.6-23.el5_4.1.src.rpm", "packageName": "cpio", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "packageFilename": "cpio-2.6-23.el5_4.1.src.rpm", "packageName": "cpio", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6-23.el5_4.1", "packageFilename": "cpio-2.6-23.el5_4.1.i386.rpm", "packageName": "cpio", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0144\n\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA denial of service flaw was found in the way cpio expanded archive files.\nIf a user expanded a specially-crafted archive, it could cause the cpio\nexecutable to crash. (CVE-2007-4476)\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016556.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016557.html\n\n**Affected packages:**\ncpio\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0144.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-03-16T13:58:04", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "cpio security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "modified": "2010-03-16T13:58:04", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016556.html", "id": "CESA-2010:0144", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:53", "references": ["http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2010-0141.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.14-13.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "x86_64", "packageName": "tar", "packageFilename": "tar-1.14-13.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.14-13.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.14-13.el4_8.1", "arch": "any", "packageName": "tar", "packageFilename": "tar-1.14-13.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "i386", "packageName": "tar", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.15.1-23.0.1.el5_4.2", "arch": "x86_64", "packageName": "tar", "packageFilename": "tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0141\n\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nA heap-based buffer overflow flaw was found in the way tar expanded archive\nfiles. If a user were tricked into expanding a specially-crafted archive,\nit could cause the tar executable to crash or execute arbitrary code with\nthe privileges of the user running tar. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA denial of service flaw was found in the way tar expanded archive files.\nIf a user expanded a specially-crafted archive, it could cause the tar\nexecutable to crash. (CVE-2007-4476)\n\nUsers of tar are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016558.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016559.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016570.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016571.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0141.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-03-16T13:59:13", "title": "tar security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2010-0624"], "modified": "2010-03-17T16:34:45", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016558.html", "id": "CESA-2010:0141", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:45:27", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0145.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "packageFilename": "cpio-2.5-6.RHEL3.i386.rpm", "packageName": "cpio", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "packageFilename": "cpio-2.5-6.RHEL3.x86_64.rpm", "packageName": "cpio", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "packageFilename": "cpio-2.5-6.RHEL3.src.rpm", "packageName": "cpio", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.5-6.RHEL3", "packageFilename": "cpio-2.5-6.RHEL3.src.rpm", "packageName": "cpio", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0145\n\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\nA heap-based buffer overflow flaw was found in the way cpio expanded\narchive files. If a user were tricked into expanding a specially-crafted\narchive, it could cause the cpio executable to crash or execute arbitrary\ncode with the privileges of the user running cpio. (CVE-2010-0624)\n\nRed Hat would like to thank Jakob Lell for responsibly reporting the\nCVE-2010-0624 issue.\n\nA stack-based buffer overflow flaw was found in the way cpio expanded large\narchive files. If a user expanded a specially-crafted archive, it could\ncause the cpio executable to crash. This issue only affected 64-bit\nplatforms. (CVE-2005-4268)\n\nUsers of cpio are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016562.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/016563.html\n\n**Affected packages:**\ncpio\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0145.html", "edition": 2, "reporter": "CentOS Project", "published": "2010-03-17T16:25:35", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "cpio security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4268", "CVE-2010-0624"], "modified": "2010-03-17T16:25:40", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/016562.html", "id": "CESA-2010:0145", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:48:55", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "2.11+dfsg-0.1+deb7u1", "arch": "all", "packageFilename": "cpio_2.11+dfsg-0.1+deb7u1_all.deb", "packageName": "cpio", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3111-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nDecember 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cpio\nCVE ID : CVE-2014-9112\nDebian Bug : 772793\n\nMichal Zalewski discovered an out of bounds write issue in cpio, a tool\nfor creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and null pointer dereference issues.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem will be\nfixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.\n\nWe recommend that you upgrade your cpio packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-12-23T01:14:29", "title": "[SECURITY] [DSA 3111-1] cpio security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "modified": "2014-12-23T01:14:29", "id": "DEBIAN:DSA-3111-1:5E46C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00301.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:12", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "2.11-4+deb6u1", "arch": "all", "packageFilename": "cpio_2.11-4+deb6u1_all.deb", "packageName": "cpio", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.11-4+deb6u1", "arch": "all", "packageFilename": "cpio-win32_2.11-4+deb6u1_all.deb", "packageName": "cpio-win32", "operator": "lt"}], "description": "Package : cpio\nVersion : 2.11-4+deb6u1\nCVE ID : CVE-2014-9112\nDebian Bug : 772793\n\nMultiple issues have been identified in cpio, including a buffer overflow\nand multiple NULL pointer dereference, resulting at least in a denial of\nservice and possibly also in an unwanted code execution.\n\nThis has been fixed in Debian 6 Squeeze with version 2.11-4+deb6u1 by\napplying the upstream patches.\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 1, "reporter": "Debian", "published": "2014-12-15T14:19:07", "title": "[SECURITY] [DLA 111-1] cpio security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:12", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "modified": "2014-12-15T14:19:07", "id": "DEBIAN:DLA-111-1:B5528", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:250\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : cpio\r\n Date : December 14, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated cpio package fixes security vulnerability:\r\n \r\n Heap-based buffer overflow in the process_copy_in function in GNU\r\n Cpio 2.11 allows remote attackers to cause a denial of service via\r\n a large block value in a cpio archive (CVE-2014-9112).\r\n \r\n Additionally, a null pointer dereference in the copyin_link function\r\n which could cause a denial of service has also been fixed.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112\r\n http://advisories.mageia.org/MGASA-2014-0528.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n d5a932108438d02e4f6688c9c04a0541 mbs1/x86_64/cpio-2.11-3.1.mbs1.x86_64.rpm \r\n d3686a694c45e2304a6bc1f946361907 mbs1/SRPMS/cpio-2.11-3.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUjeZ5mqjQ0CJFipgRAiKuAJ0YOWAojKPW/wSM5cR3A342ZX+p1gCfWCq1\r\nAz2Mrc3Syzwe1uD21zAOEDE=\r\n=QY48\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[ MDVSA-2014:250 ] cpio", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-9112"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31537", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31537", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31537"], "description": "Buffer overflow in process_copy_in() function.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-12-22T00:00:00", "title": "GNU cpio buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cpio", "version": "2.11", "operator": "eq"}], "cvelist": ["CVE-2014-9112"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14167", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14167", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23347"], "description": "Buffer overflow in rmt code implementation", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-03-11T00:00:00", "title": "GNU tar / cpio buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:36", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cpio", "version": "2.11", "operator": "eq"}, {"name": "tar", "version": "1.23", "operator": "eq"}, {"name": "Symantec Mail Security for Microsoft Exchange", "version": "6.0", "operator": "eq"}, {"name": "Symantec Mail Security for Domino", "version": "8.0", "operator": "eq"}, {"name": "Symantec Mail Security for Domino", "version": "7.5", "operator": "eq"}], "cvelist": ["CVE-2010-0624"], "modified": "2010-03-11T00:00:00", "id": "SECURITYVULNS:VULN:10681", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10681", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "I. BACKGROUND\r\n\r\nGNU Tar and GNU Cpio are popular programs for managing archive\r\nfiles. Both programs are included in many linux distributions. GNU Tar\r\nis commonly used for exchanging source code archives.\r\n\r\nBoth programs include a client implementation for the remote mag tape\r\nprotocol (rmt). This protocol allows accessing a tape device attached\r\nto a remote system via a rsh/ssh. It can also be used to\r\nextract/create archive files on another system directly using Tar/Cpio\r\n(although using rmt for accessing remote files is deprecated).\r\n\r\nII. DESCRIPTION\r\n\r\nThe rmt client implementation of GNU Tar/Cpio contains a heap-based\r\nbuffer overflow which possibly allows arbitrary code execution.\r\n\r\nThe vulnerability is in the function rmt_read__ in lib/rtapelib.c:\r\n\r\n/* Read up to LENGTH bytes into BUFFER from remote tape connection HANDLE.\r\nReturn the number of bytes read on success, SAFE_READ_ERROR on error. */\r\nsize_t\r\nrmt_read__ (int handle, char *buffer, size_t length)\r\n{\r\nchar command_buffer[COMMAND_BUFFER_SIZE];\r\nsize_t status;\r\nsize_t rlen;\r\nsize_t counter;\r\n\r\nsprintf (command_buffer, "R%lu\n", (unsigned long) length);\r\nif (do_command (handle, command_buffer) == -1\r\n || (status = get_status (handle)) == SAFE_READ_ERROR)\r\nreturn SAFE_READ_ERROR;\r\n\r\nfor (counter = 0; counter < status; counter += rlen, buffer += rlen)\r\n{\r\n rlen = safe_read (READ_SIDE (handle), buffer, status - counter);\r\n if (rlen == SAFE_READ_ERROR || rlen == 0)\r\n {\r\n _rmt_shutdown (handle, EIO);\r\n return SAFE_READ_ERROR;\r\n }\r\n}\r\n\r\nreturn status;\r\n}\r\n\r\nThe function first writes to the server how many bytes it wants to\r\nread using sprintf() and do_command(). Then it reads the number of\r\nbytes available into the variable status using get_status(). In the\r\nfor loop, the function reads status bytes from the server into the\r\nbuffer. However, it doesn't check whether status is actually less than\r\nor equal the length of the buffer given by the parameter length. So a\r\nmalicious rmt server can overwrite data on the heap following the\r\nbuffer. Successful exploitation of this bug could possibly lead to\r\narbitrary code execution.\r\n\r\nIII. EXPLOIT VECTORS\r\n\r\nThe problem can be exploited when using an untrusted/compromised rmt\r\nserver. The impact is fairly low since rmt is rarely used today and\r\nthe rmt server is in most cases considered trustworthy.\r\n\r\nHowever, this vulnerability can also be triggered when trying to\r\nextract a tar file with a colon in the filename. In this case, tar\r\ninterprets the part before the colon as a hostname (or user@hostname)\r\nand opens a rsh connection to this host. This may also be exploited if\r\nthe user uses the aunpack script from atool [1] to extract a tar\r\nfile. Many users of GNU Tar or atool don't know that rmt exists and\r\nthat tar treats filenames containing a colon differently. So a user\r\nmight run tar or aunpack on a file which he has received via email or\r\ndownloaded from a web page. Many users enter filenames using bash\r\nauto-completion and thus might not even notice that there is anything\r\nwrong with the filename.\r\n\r\nFor Cpio, this attack vector does not work since Cpio requires the\r\noption --rsh-command to use rmt. Tar has compiled in the default value\r\n"/usr/bin/rsh".\r\n\r\nIt is also possible that there are scripts out there which\r\nautomatically call Tar to extract a file with a name provided by an\r\nuntrusted source. If the script passes the filename with an (absolute\r\nor relative) path or uses the --force-local option, this problem can\r\nbe avoided\r\n\r\nNotes on rsh/ssh:\r\n\r\nGNU Tar uses /usr/bin/rsh to execute the rmt server implementation\r\n(/usr/bin/rmt) on the server. On most modern linux systems\r\n/usr/bin/rsh is just a symlink to ssh. So an attempt to exploit this\r\nvulnerability might make ssh ask the user whether to add a new key to\r\nthe known_hosts file. This gives users the possibility to cancel the\r\nprogram and thus prevent successful exploitation. However, the problem\r\ncan still be exploited if the attacker has compromised a machine which\r\nis already in the users known_hosts file or if the user has set\r\nStrictHostKeyChecking to "no" in his ssh configuration.\r\n\r\nIV. WORKAROUND\r\n\r\nDo not use the integrated rmt client of GNU Tar/Cpio if the rmt server\r\nis untrusted or potentially compromised. Always check that the\r\nfilename doesn't contain a colon when extracting tar files or use the\r\n--force-local option.\r\n\r\nV. SOLUTION:\r\n\r\nUpgrade GNU Tar to version 1.23 and GNU Cpio to version 2.11.\r\n\r\nSome Linux Distributions are going to release upgrades packages\r\ntoday or in the next few days.\r\n\r\nVI. DISCLOSURE TIMELINE\r\n\r\n2010/02/12: Vendor and major Linux Distributions notified\r\n2010/03/10: Public disclosure\r\n\r\nVI. Credit\r\n\r\nThis vulnerability has been discovered by Jakob Lell from the\r\nTU Berlin computer security working group (AGRS).\r\n\r\nhttp://www.agrs.tu-berlin.de/parameter/en/\r\n\r\nA copy of this advisory is also available on the following page:\r\n\r\nhttp://www.agrs.tu-berlin.de/index.php?id=78327\r\n\r\n\r\n[1] http://www.nongnu.org/atool/", "edition": 1, "reporter": "Securityvulns", "published": "2010-03-11T00:00:00", "title": "CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": [], "modified": "2010-03-11T00:00:00", "id": "SECURITYVULNS:DOC:23347", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23347", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "references": ["http://seclists.org/oss-sec/2014/q4/818", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9112", "https://savannah.gnu.org/bugs/?43709"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "2.11-5", "packageFilename": "UNKNOWN", "packageName": "cpio", "arch": "any", "operator": "lt"}], "edition": 1, "description": "A heap-based buffer overflow flaw was reported in cpio's list_file()\nfunction. Attempting to extract a malicious cpio archive could cause\ncpio to crash or, potentially, execute arbitrary code.\nAs noted in the original report, this issue could be trigger via other\nutilities, such as when running "less".", "reporter": "Arch Linux", "published": "2015-01-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "cpio: heap buffer overflow", "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112"], "modified": "2015-01-14T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html", "id": "ASA-201501-5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=314663", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.11", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-arch/cpio", "operator": "lt"}], "edition": 1, "description": "### Background\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\n### Description\n\nCpio contains a heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c. \n\n### Impact\n\nA remote server could sending more data than was requested, related to archive filenames that contain a : (colon) character, possibly resulting in execution of arbitrary code or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cpio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/cpio-2.11\"", "reporter": "Gentoo Foundation", "published": "2013-11-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "cpio: Arbitrary code execution", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2013-11-28T00:00:00", "id": "GLSA-201311-21", "href": "https://security.gentoo.org/glsa/201311-21", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:50", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=313333", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0624"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.23", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-arch/tar", "operator": "lt"}], "edition": 1, "description": "### Background\n\nGNU Tar is a utility to create archives as well as add and extract files from archives. \n\n### Description\n\nGNU Tar is vulnerable to a boundary error in the rmt_read__ function in lib/rtapelib.c, which could cause a heap-based buffer overflow. \n\n### Impact\n\nA remote attacker could entice the user to load a specially crafted archive, possibly resulting in the execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Tar users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/tar-1.23\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 18, 2010. It is likely that your system is already no longer affected by this issue.", "reporter": "Gentoo Foundation", "published": "2011-11-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "GNU Tar: User-assisted execution of arbitrary code", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2011-11-20T00:00:00", "id": "GLSA-201111-11", "href": "https://security.gentoo.org/glsa/201111-11", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:23", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9112", "https://bugs.gentoo.org/show_bug.cgi?id=530512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1197", "https://bugs.gentoo.org/show_bug.cgi?id=536010"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.11-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-arch/cpio", "operator": "lt"}], "edition": 1, "description": "### Background\n\nGNU cpio copies files into or out of a cpio or tar archive.\n\n### Description\n\nTwo vulnerabilities have been discovered in GNU cpio:\n\n * The list_file function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112) \n * A directory traversal vulnerability has been found in GNU cpio (CVE-2015-1197) \n\n### Impact\n\nA remote attacker may be able to entice a user to open a specially crafted archive using GNU cpio, possibly resulting in execution of arbitrary code, a Denial of Service condition, or overwriting arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU cpio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/cpio-2.11-r3\"", "reporter": "Gentoo Foundation", "published": "2015-02-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "GNU cpio: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2015-02-15T00:00:00", "id": "GLSA-201502-11", "href": "https://security.gentoo.org/glsa/201502-11", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:21", "references": ["http://www.agrs.tu-berlin.de/index.php?id=78327"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.22_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gtar", "operator": "lt"}], "description": "\nJakob Lell reports:\n\nThe rmt client implementation of GNU Tar/Cpio contains\n\t a heap-based buffer overflow which possibly allows\n\t arbitrary code execution.\nThe problem can be exploited when using an\n\t untrusted/compromised rmt server.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-03-24T00:00:00", "title": "gtar -- buffer overflow in rmt client", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0624"], "modified": "2010-03-24T00:00:00", "id": "C175D72F-3773-11DF-8BB8-0211D880E350", "href": "https://vuxml.freebsd.org/freebsd/c175d72f-3773-11df-8bb8-0211d880e350.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:43", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-9112", "https://bugzilla.suse.com/show_bug.cgi?id=658010"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.11_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gcpio", "operator": "lt"}], "description": "\nFrom the Debian Security Team:\n\nHeap-based buffer overflow in the process_copy_in\n\t function in GNU Cpio 2.11 allows remote attackers to cause\n\t a denial of service via a large block value in a cpio\n\t archive.\n\n\ncpio 2.11, when using the --no-absolute-filenames\n\t option, allows local users to write to arbitrary files\n\t via a symlink attack on a file in an archive.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-03-27T00:00:00", "title": "cpio -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9112", "CVE-2015-1197"], "modified": "2015-03-27T00:00:00", "id": "72EE9707-D7B2-11E4-8D8E-F8B156B6DCC8", "href": "https://vuxml.freebsd.org/freebsd/72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:36", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008407-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010412-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008405-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009403-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008411-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX303-201102401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009402-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008412-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX350-201008410-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010413-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201009411-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201010409-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. Service Console update for cpio \n \nThe service console package cpio is updated to version 2.5-6.RHEL3 for ESX 3.x versions and updated to version 2.6-23.el5_4.1 for ESX 4.x versions. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2010-08-31T00:00:00", "title": "VMware ESX third party updates for Service Console", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2005-4268", "CVE-2010-0624", "CVE-2010-1447", "CVE-2010-1321", "CVE-2010-2063"], "modified": "2011-02-14T00:00:00", "id": "VMSA-2010-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0013.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:00:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE ID: CVE-2005-4268,CVE-2010-0624,CVE-2007-4476,CVE-2010-2063,CVE-2010-1321,CVE-2010-1168,CVE-2010-1447,CVE-2008-5302,CVE-2008-5303\r\n\r\nVMware ESX Server\u662f\u4e3a\u9002\u7528\u4e8e\u4efb\u4f55\u7cfb\u7edf\u73af\u5883\u7684\u4f01\u4e1a\u7ea7\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\u3002\r\n\r\nESX Console OS (COS)\u5728cpio\u3001tar\u3001perl\u3001krb5\u3001samba\u7b49\u5e94\u7528\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5176\u4e2d\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u53ef\u9020\u6210\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nVMWare ESX Server\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nVMWare\r\n------\r\nVMWare\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08VMSA-2010-0013\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nVMSA-2010-0013\uff1aVMware ESX third party updates for Service Console\r\n\r\n\u94fe\u63a5\uff1ahttp://www.vmware.com/security/advisories/VMSA-2010-0013.html", "reporter": "Root", "published": "2012-01-13T00:00:00", "title": "VMware ESX Service Console\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4268", "CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-0624", "CVE-2010-1168", "CVE-2010-1321", "CVE-2010-1447", "CVE-2010-2063"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2012-01-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30015", "id": "SSV:30015", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}]}
