Mandriva Update For Cpio MDKSA-2007:233 (cpio) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. (CVE-2007-4476) Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007. (CVE-2005-1229) Updated package fixes these issues.

Affected

cpio on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2005-1229, CVE-2007-4476
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:003 (python)
Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
Mandrake Security Advisory MDVSA-2009:005 (xterm)
Mandrake Security Advisory MDVSA-2009:142 (jasper)
Mandrake Security Advisory MDVSA-2009:168 (apache)

Mandriva Update for cpio MDKSA-2007:233 (cpio)

Take action and discover your vulnerabilities