Mandrake Linux Security Advisory : cpio (MDKSA-2007:233)
High Nessus Plugin ID 28352
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionBuffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack.
This problem is originally found in tar, but affects cpio too, due to similar code fragments. (CVE-2007-4476)
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007. (CVE-2005-1229)
Updated package fixes these issues.
SolutionUpdate the affected cpio package.