|
Family: Ubuntu Local Security Checks --> Category: infos
USN75-1 : cpio vulnerability Vulnerability Scan
Vulnerability Scan Summary cpio vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "cpio" is missing a security patch.
Description :
Recently it was discovered that cpio created world-writeable files
when used in -o/--create mode with giving an output file (with -O).
This allowed any user to modify the created cpio archives. Now cpio
respects the current umask setting of the user.
Note: This vulnerability has already been fixed in a very old version
of cpio, but the fix was never ported to the current version.
Therefore the CAN number was assigned to the year 1999.
Solution :
Upgrade to :
- cpio-2.5-1.1ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|