Debian DSA-846-1 : cpio - several vulnerabilities

medium Nessus Plugin ID 19954

Synopsis

The remote Debian host is missing a security-related update.

Description

Two vulnerabilities have been discovered in cpio, a program to manage archives of files. The Common Vulnerabilities and Exposures project identifies the following problems:

- CAN-2005-1111

Imran Ghory discovered a race condition in setting the file permissions of files extracted from cpio archives. A local attacker with write access to the target directory could exploit this to alter the permissions of arbitrary files the extracting user has write permissions for.

- CAN-2005-1229

Imran Ghory discovered that cpio does not sanitise the path of extracted files even if the --no-absolute-filenames option was specified. This can be exploited to install files in arbitrary locations where the extracting user has write permissions.

Solution

Upgrade the cpio package.

For the old stable distribution (woody) these problems have been fixed in version 2.4.2-39woody2.

For the stable distribution (sarge) these problems have been fixed in version 2.5-1.3.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306693

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305372

http://www.debian.org/security/2005/dsa-846

Plugin Details

Severity: Medium

ID: 19954

File Name: debian_DSA-846.nasl

Version: 1.19

Type: local

Agent: unix

Published: 10/11/2005

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:cpio, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 10/7/2005

Vulnerability Publication Date: 4/20/2005

Reference Information

CVE: CVE-2005-1111, CVE-2005-1229

DSA: 846