GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Nov 14, 2007 10:26 pm Post subject: [ GLSA 200711-18 ] Cpio: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: Cpio: Buffer overflow (GLSA 200711-18)
Severity: normal
Exploitable: remote
Date: November 14, 2007
Bug(s): #196978
ID: 200711-18
Synopsis
GNU cpio contains a buffer overflow vulnerability, possibly resulting in a
Denial of Service.
Background
GNU cpio copies files into or out of a cpio or tar archive.
Affected Packages
Package: app-arch/cpio
Vulnerable: < 2.9-r1
Unaffected: >= 2.9-r1
Architectures: All supported architectures
Description
A buffer overflow vulnerability in the safer_name_suffix() function in
GNU cpio has been discovered.
Impact
A remote attacker could entice a user to open a specially crafted
archive file resulting in a stack-based buffer overflow, possibly
crashing the application. It is disputed whether the execution of
arbitrary code is possible.
Workaround
There is no known workaround at this time.
Resolution
All GNU cpio users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/cpio-2.9-r1" |
References
CVE-2007-4476
Last edited by GLSA on Wed Mar 07, 2012 4:25 am; edited 2 times in total |
|
News & Announcements
