CVE-2005-4268

LOW

Description

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc

http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:237

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

http://secunia.com/advisories/18251

http://secunia.com/advisories/18278

http://secunia.com/advisories/18280

http://secunia.com/advisories/18395

http://secunia.com/advisories/20117

http://secunia.com/advisories/25098

http://secunia.com/advisories/25161

http://www.osvdb.org/22194

http://www.redhat.com/support/errata/RHSA-2007-0245.html

http://www.redhat.com/support/errata/RHSA-2010-0145.html

http://www.securityfocus.com/bid/16057

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669

https://exchange.xforce.ibmcloud.com/vulnerabilities/23855

https://issues.rpath.com/browse/RPL-1338

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10450

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6860

https://usn.ubuntu.com/234-1/

Details

Source: MITRE

Published: 2005-12-15

Updated: 2018-10-03

Type: CWE-119

Risk Information

CVSS v2

Base Score: 3.7

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 1.9

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89741 | VMware ESX Multiple Vulnerabilities (VMSA-2010-0013) (remote check) | Nessus | VMware ESX Local Security Checks | high |
| 68012 | Oracle Linux 3 : cpio (ELSA-2010-0145) | Nessus | Oracle Linux Local Security Checks | medium |
| 67479 | Oracle Linux 4 : cpio (ELSA-2007-0245) | Nessus | Oracle Linux Local Security Checks | low |
| 67045 | CentOS 4 : cpio (CESA-2007:0245) | Nessus | CentOS Local Security Checks | low |
| 60745 | Scientific Linux Security Update : cpio on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60163 | Scientific Linux Security Update : cpio on SL4 i386/x86_64 | Nessus | Scientific Linux Local Security Checks | low |
| 49085 | VMSA-2010-0013 : VMware ESX third-party updates for Service Console | Nessus | VMware ESX Local Security Checks | high |
| 46268 | RHEL 3 : cpio (RHSA-2010:0145) | Nessus | Red Hat Local Security Checks | medium |
| 45090 | CentOS 3 : cpio (CESA-2010:0145) | Nessus | CentOS Local Security Checks | medium |
| 25141 | RHEL 4 : cpio (RHSA-2007:0245) | Nessus | Red Hat Local Security Checks | low |
| 20778 | Ubuntu 4.10 / 5.04 / 5.10 : cpio vulnerability (USN-234-1) | Nessus | Ubuntu Local Security Checks | low |
| 20468 | Mandrake Linux Security Advisory : cpio (MDKSA-2005:237) | Nessus | Mandriva Local Security Checks | low |