Ubuntu Update For Cpio USN-2456-1 Network Vulnerability

Summary

Check the version of cpio

Solution

Please Install the Updated Packages.

Insight

Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-0624)

Affected

cpio on Ubuntu 14.10 , Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

Severity

Classification

CVE CVE-2010-0624, CVE-2014-9112

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for cups USN-2341-1
Ubuntu Update for clamav USN-1179-1
Ubuntu Update for cups USN-2144-1
Ubuntu Update for colord USN-1289-1
Ubuntu Update for apache2 vulnerabilities USN-908-1

Ubuntu Update for cpio USN-2456-1

Take action and discover your vulnerabilities