
cpio: arbitrary code execution

Package(s): cpio
CVE #(s): CVE-2005-4268
Created: January 2, 2006
Updated: March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, for example, a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 cpio 2010-03-17
Red Hat RHSA-2010:0145-01 cpio 2010-03-15
rPath rPSA-2007-0094-1 cpio 2007-05-07
Red Hat RHSA-2007:0245-02 cpio 2007-05-01
Ubuntu USN-234-1 cpio 2006-01-02
