FreeBSD Security Advisory (FreeBSD-SA-06:03.cpio.asc) Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:03.cpio.asc

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:03.cpio.asc

Insight

The cpio utility copies files into or out of a cpio or tar archive. A number of issues has been discovered in cpio: . When creating a new file, cpio closes the file before setting its permissions. (CVE-2005-1111) . When extracting files cpio does not properly sanitize file names to filter out .. components, even if the --no-absolute-filenames option is used. (CVE-2005-1229) . When adding large files (larger than 4 GB) to a cpio archive on 64-bit platforms an internal buffer might overflow. (CVE-2005-4268)

Severity

Classification

CVE CVE-2005-1111
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: mambo
FreeBSD Ports: p5-Config-IniFiles
FreeBSD Ports: phpMyAdmin
FreeBSD Ports: linux-realplayer
FreeBSD Ports: gedit

Take action and discover your vulnerabilities