Mandriva Linux Security Advisory : cpio (MDVSA-2010:065)

NASLDB: Mandriva Linux Security Advisory : cpio (MDVSA-2010:065)

General

ID: 45137
Name: Mandriva Linux Security Advisory : cpio (MDVSA-2010:065)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability has been found and corrected in cpio and tar :

Heap-based buffer overflow in the rmt_read__ function in
lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
and GNU cpio before 2.11 allows remote rmt servers to cause a denial
of service (memory corruption) or possibly execute arbitrary code by
sending more data than was requested, related to archive filenames
that contain a : (colon) character (CVE-2010-0624).

The Tar package as shipped with Mandriva Linux is not affected by this
vulnerability, but it was patched nonetheless in order to provide
additional security to customers who recompile the package while
having the rsh package installed.

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2010-0624
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2010/03/23
Plugin Release: 2010/03/24

Plugin

Version: 1.6
Filename: mandriva_MDVSA-2010-065.nasl
Filesize: 4268 bytes
MD5 Hash: 045c62aca7f69752d0ad9f1ac0b63916

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG