Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:03.cpio.asc.
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date.
https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:03.cpio.asc
Insight
The cpio utility copies files into or out of a cpio or tar archive.
A number of issues have been discovered in cpio:
- When creating a new file, cpio closes the file before setting its permissions. (CVE-2005-1111)
- When extracting files, cpio does not properly sanitize file names to filter out `..` components, even if the `--no-absolute-filenames` option is used. (CVE-2005-1229)
- When adding large files (larger than 4 GB) to a cpio archive on 64-bit platforms, an internal buffer might overflow. (CVE-2005-4268)
Severity
Classification
CVE: CVE-2005-1111
CVSS Base Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P