|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:032-1: cpio Vulnerability Scan
Vulnerability Scan Summary Check for the version of the cpio package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:032-1 (cpio).
A vulnerability in cpio was discovered where cpio would create world- writeable
files when used in -o/--create mode and giving an output file (with -O). This
would allow any user to modify the created cpio archive. The updated packages
have been patched so that cpio now respects the current umask setting of the
user.
Update:
The updated cpio packages for 10.1, while they would install with urpmi on the
commandline, would not install via rpmdrake. The updated packages correct that.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:032-1
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|