Synopsis :

The remote Debian host is missing a security-related update.

Description :

Two vulnerabilities have been discovered in cpio, a program to manage
archives of files. The Common Vulnerabilities and Exposures project
identifies the following problems :

- CAN-2005-1111
Imran Ghory discovered a race condition in setting the
file permissions of files extracted from cpio archives.
A local attacker with write access to the target
directory could exploit this to alter the permissions of
arbitrary files the extracting user has write
permissions for.

- CAN-2005-1229

Imran Ghory discovered that cpio does not sanitise the
path of extracted files even if the
--no-absolute-filenames option was specified. This can
be exploited to install files in arbitrary locations
where the extracting user has write permissions to.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306693
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305372
http://www.debian.org/security/2005/dsa-846

Solution :

Upgrade the cpio package.

For the old stable distribution (woody) these problems have been fixed
in version 2.4.2-39woody2.

For the stable distribution (sarge) these problems have been fixed in
version 2.5-1.3.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)