This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Two vulnerabilities have been discovered in cpio, a program to manage
archives of files. The Common Vulnerabilities and Exposures project
identifies the following problems :
Imran Ghory discovered a race condition in setting the
file permissions of files extracted from cpio archives.
A local attacker with write access to the target
directory could exploit this to alter the permissions of
arbitrary files the extracting user has write
Imran Ghory discovered that cpio does not sanitise the
path of extracted files even if the
--no-absolute-filenames option was specified. This can
be exploited to install files in arbitrary locations
where the extracting user has write permissions.
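A pre-extraction check for the path problem described above, as an added example that is not part of the advisory or of cpio: it reads member names from a "newc"-format archive without extracting anything and flags those that could land outside the target directory. The helper names, the constructed sample archive, and the rule that absolute names and `..` components are the unsafe cases are assumptions of this example.

```python
MAGIC = b"070701"   # SVR4 "newc" cpio header magic
HDR_LEN = 110       # magic + 13 fields of 8 hex digits

def _pad4(n):
    return (4 - n % 4) % 4

def build_newc(names):
    """Constructed test input: a newc archive of empty regular files."""
    out = b""
    for name in list(names) + ["TRAILER!!!"]:
        raw = name.encode() + b"\0"
        # ino, mode, uid, gid, nlink, mtime, filesize, 4 dev fields, namesize, check
        fields = [0, 0o100644, 0, 0, 1, 0, 0, 0, 0, 0, 0, len(raw), 0]
        entry = MAGIC + b"".join(b"%08X" % f for f in fields) + raw
        out += entry + b"\0" * _pad4(len(entry))
    return out

def member_names(data):
    """Yield each member name from a newc archive without extracting anything."""
    pos = 0
    while True:
        hdr = data[pos:pos + HDR_LEN]
        if len(hdr) < HDR_LEN or hdr[:6] != MAGIC:
            raise ValueError("no newc header at offset %d" % pos)
        filesize = int(hdr[54:62], 16)
        namesize = int(hdr[94:102], 16)
        name = data[pos + HDR_LEN:pos + HDR_LEN + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        yield name
        pos += HDR_LEN + namesize
        pos += _pad4(pos) + filesize   # skip name padding, then file data
        pos += _pad4(pos)              # skip data padding

def escapes_target(name):
    """Assumption of this example: absolute names and '..' components are unsafe."""
    return name.startswith("/") or ".." in name.split("/")

def unsafe_members(data):
    return [n for n in member_names(data) if escapes_target(n)]

if __name__ == "__main__":
    sample = build_newc(["docs/readme.txt", "/constructed/abs",
                         "a/../../constructed", "..notes/ok.txt"])
    for n in unsafe_members(sample):
        print("refusing to extract:", n)
```

The check looks at member names only; symbolic links inside an archive are not examined.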
Upgrade the cpio package.
For the old stable distribution (woody) these problems have been fixed
in version 2.4.2-39woody2.
For the stable distribution (sarge) these problems have been fixed in
Risk factor :
Medium / CVSS Base Score : 4.6