Joined: 12 May 2004
|Posted: Wed Nov 14, 2007 10:26 pm Post subject: [ GLSA 200711-18 ] Cpio: Buffer overflow
|Gentoo Linux Security Advisory
Title: Cpio: Buffer overflow (GLSA 200711-18)
Date: November 14, 2007
GNU cpio contains a buffer overflow vulnerability, possibly resulting in a
Denial of Service.
GNU cpio copies files into or out of a cpio or tar archive.
Vulnerable: < 2.9-r1
Unaffected: >= 2.9-r1
Architectures: All supported architectures
A buffer overflow vulnerability in the safer_name_suffix() function in
GNU cpio has been discovered.
A remote attacker could entice a user to open a specially crafted
archive file resulting in a stack-based buffer overflow, possibly
crashing the application. It is disputed whether the execution of
arbitrary code is possible.
There is no known workaround at this time.
All GNU cpio users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/cpio-2.9-r1"
Last edited by GLSA on Wed Mar 07, 2012 4:25 am; edited 2 times in total