RHEL 3 : cpio (RHSA-2005:080)

low Nessus Plugin ID 17146

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated cpio package that fixes a umask bug and supports large files (>2GB) is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team

GNU cpio copies files into or out of a cpio or tar archive.

It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-1572 to this issue.

All users of cpio should upgrade to this updated package, which resolves this issue, and adds support for large files (> 2GB).

Solution

Update the affected cpio package.

See Also

https://access.redhat.com/security/cve/cve-1999-1572

https://access.redhat.com/errata/RHSA-2005:080

Plugin Details

Severity: Low

ID: 17146

File Name: redhat-RHSA-2005-080.nasl

Version: 1.24

Type: local

Agent: unix

Published: 2/18/2005

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:cpio, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/18/2005

Vulnerability Publication Date: 7/16/1996

Reference Information

CVE: CVE-1999-1572

RHSA: 2005:080