Mandriva Update for cpio MDVSA-2010:065 (cpio). A heap-based buffer overflow in the rmt client functionality allows remote servers to cause a denial of service or possibly execute arbitrary code (CVE-2010-0624). Updated packages correct this issue on Mandriva Linux 2008.0, 2008.0/X86_64, 2009.0, 2009.0/X86_64, 2009.1, 2009.1/X86_64, 2010.0, 2010.0/X86_64, Mandriva Enterprise Server 5, and Mandriva Enterprise Server 5/X86_64.
Reporter | Title | Published | Views | Family All 129 |
---|---|---|---|---|
![]() | tar security update | 17 Mar 2010 15:26 | - | centos |
![]() | cpio security update | 17 Mar 2010 15:35 | - | centos |
![]() | cpio security update | 17 Mar 2010 15:25 | - | centos |
![]() | tar security update | 16 Mar 2010 12:59 | - | centos |
![]() | cpio security update | 16 Mar 2010 12:58 | - | centos |
![]() | CVE-2010-0624 | 12 Mar 2010 20:00 | - | cvelist |
![]() | GNU Tar: User-assisted execution of arbitrary code | 20 Nov 2011 00:00 | - | gentoo |
![]() | cpio: Arbitrary code execution | 28 Nov 2013 00:00 | - | gentoo |
![]() | CVE-2010-0624 | 15 Mar 2010 13:28 | - | nvd |
![]() | Fedora Update for cpio FEDORA-2010-4302 | 31 Mar 2010 00:00 | - | openvas |
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for cpio MDVSA-2010:065 (cpio)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Shared helper library pulled in before the metadata is registered.
include("revisions-lib.inc");
# Advisory text shown as the "insight" tag. The flaw is a client-side heap
# overflow: the rmt server, not the local user, controls how much data comes
# back, so the exposure is to a malicious or compromised remote rmt server.
# Note the advisory's own statement that Mandriva's shipped tar is not
# affected unless it is rebuilt with the rsh package installed.
tag_insight = "A vulnerability has been found and corrected in cpio and tar:
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
in the rmt client functionality in GNU tar before 1.23 and GNU cpio
before 2.11 allows remote rmt servers to cause a denial of service
(memory corruption) or possibly execute arbitrary code by sending more
data than was requested, related to archive filenames that contain a :
(colon) character (CVE-2010-0624).
The Tar package as shipped with Mandriva Linux is not affected
by this vulnerability, but it was patched nonetheless in order to
provide additional security to customers who recompile the package
while having the rsh package installed.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.";
# Text for the "affected" tag. It names only cpio, although the detection
# code further down also tests the tar package for every release.
tag_affected = "cpio on Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2009.1,
Mandriva Linux 2009.1/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
# Text for the "solution" tag; the fixed package builds are the ones named in
# the isrpmvuln() calls below.
tag_solution = "Please Install the Updated Packages.";
# Metadata phase: when the scanner loads the script with `description` set,
# only the registration calls below run and the script exits before any
# detection code is reached.
if(description)
{
  # Identification and references.
  script_xref(name:"URL", value:"http://lists.mandriva.com/security-announce/2010-03/msg00040.php");
  script_id(830959);
  script_version("$Revision: 8243 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)");

  # Severity: CVSS v2 base score and vector (network vector, medium access
  # complexity, no authentication, partial C/I/A impact).
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name:"MDVSA", value:"2010:065");
  script_cve_id("CVE-2010-0624");

  # The summary mentions cpio only; the detection code in this file also
  # compares the installed tar package against its patched build.
  script_name("Mandriva Update for cpio MDVSA-2010:065 (cpio)");
  script_tag(name:"summary", value:"Check for the Version of cpio");

  # Scheduling: the check needs the package list gathered by
  # gather-package-list.nasl and the two KB keys named below; they are read
  # from under "ssh/login", so this is presumably an authenticated (SSH
  # login) check -- confirm against gather-package-list.nasl.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");

  # Report texts defined at the top of the file.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);

  # qod_type "package": the verdict rests on comparing installed package
  # versions, not on probing the binary. A locally rebuilt cpio or tar (the
  # case the advisory text singles out) would not be reflected in it.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
# RPM comparison helpers; isrpmvuln() used below presumably comes from here.
include("pkg-lib-rpm.inc");

# Result holder for the per-package comparisons.
res = "";

# Release identifier stored in the knowledge base by an earlier plugin.
release = get_kb_item("ssh/login/release");

# Without a known release no comparison can be made, so stop without a
# verdict (exit(0)) instead of reporting the host as not vulnerable.
if(release == NULL)
{
  exit(0);
}
# Mandriva Linux 2008.0: compare installed cpio and tar against the builds
# named in the advisory.
if(release == "MNDK_2008.0")
{
  # A non-NULL result is passed to security_message() as the finding text.
  # NOTE(review): isrpmvuln() is defined outside this file; presumably it
  # returns a report only when the installed build is older than the one
  # given in `rpm` -- confirm in pkg-lib-rpm.inc.
  res = isrpmvuln(pkg:"cpio", rpm:"cpio~2.9~2.2mdv2008.0", rls:"MNDK_2008.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # tar is tested as well. Per the advisory text, Mandriva's shipped tar is
  # not affected unless rebuilt with rsh installed, so a tar-only finding
  # means a missing update rather than a confirmed exposure.
  res = isrpmvuln(pkg:"tar", rpm:"tar~1.18~1.2mdv2008.0", rls:"MNDK_2008.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # exit(99) marks the host as not vulnerable; it is reached only when
  # __pkg_match is set (presumably by isrpmvuln() when one of the packages
  # was found installed -- confirm). Otherwise there is no verdict.
  if(__pkg_match)
  {
    exit(99);
  }
  exit(0);
}
# Mandriva Enterprise Server 5: compare installed cpio and tar against the
# builds named in the advisory.
if(release == "MNDK_mes5")
{
  # A non-NULL result from isrpmvuln() (defined outside this file) is
  # reported as the finding and ends the script.
  res = isrpmvuln(pkg:"cpio", rpm:"cpio~2.9~5.1mdvmes5", rls:"MNDK_mes5");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # tar is compared too, although the advisory text says the shipped tar is
  # only affected when rebuilt with rsh installed.
  res = isrpmvuln(pkg:"tar", rpm:"tar~1.20~7.1mdvmes5", rls:"MNDK_mes5");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Not vulnerable (exit code 99) only if __pkg_match is set; otherwise the
  # script ends without a verdict.
  if(__pkg_match)
  {
    exit(99);
  }
  exit(0);
}
# Mandriva Linux 2010.0: compare installed cpio and tar against the builds
# named in the advisory.
if(release == "MNDK_2010.0")
{
  # A non-NULL result from isrpmvuln() (defined outside this file) is
  # reported as the finding and ends the script.
  res = isrpmvuln(pkg:"cpio", rpm:"cpio~2.10~1.1mdv2010.0", rls:"MNDK_2010.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # tar is compared too, although the advisory text says the shipped tar is
  # only affected when rebuilt with rsh installed.
  res = isrpmvuln(pkg:"tar", rpm:"tar~1.22~2.1mdv2010.0", rls:"MNDK_2010.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Not vulnerable (exit code 99) only if __pkg_match is set; otherwise the
  # script ends without a verdict.
  if(__pkg_match)
  {
    exit(99);
  }
  exit(0);
}
# Mandriva Linux 2009.1: compare installed cpio and tar against the builds
# named in the advisory.
if(release == "MNDK_2009.1")
{
  # A non-NULL result from isrpmvuln() (defined outside this file) is
  # reported as the finding and ends the script.
  res = isrpmvuln(pkg:"cpio", rpm:"cpio~2.9~6.1mdv2009.1", rls:"MNDK_2009.1");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # tar is compared too, although the advisory text says the shipped tar is
  # only affected when rebuilt with rsh installed.
  res = isrpmvuln(pkg:"tar", rpm:"tar~1.21~2.1mdv2009.1", rls:"MNDK_2009.1");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Not vulnerable (exit code 99) only if __pkg_match is set; otherwise the
  # script ends without a verdict.
  if(__pkg_match)
  {
    exit(99);
  }
  exit(0);
}
# Mandriva Linux 2009.0: compare installed cpio and tar against the builds
# named in the advisory.
if(release == "MNDK_2009.0")
{
  # A non-NULL result from isrpmvuln() (defined outside this file) is
  # reported as the finding and ends the script.
  res = isrpmvuln(pkg:"cpio", rpm:"cpio~2.9~5.1mdv2009.0", rls:"MNDK_2009.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # tar is compared too, although the advisory text says the shipped tar is
  # only affected when rebuilt with rsh installed.
  res = isrpmvuln(pkg:"tar", rpm:"tar~1.20~7.1mdv2009.0", rls:"MNDK_2009.0");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # Not vulnerable (exit code 99) only if __pkg_match is set; otherwise the
  # script ends without a verdict. Releases not handled by any branch in
  # this file fall through with no verdict as well.
  if(__pkg_match)
  {
    exit(99);
  }
  exit(0);
}