FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8)

Medium Nessus Plugin ID 82480


The remote FreeBSD host is missing a security-related update.


From the Debian Security Team :

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 82480

File Name: freebsd_pkg_72ee9707d7b211e48d8ef8b156b6dcc8.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/04/01

Modified: 2015/04/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gcpio, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/03/31

Vulnerability Publication Date: 2015/03/27

Reference Information

CVE: CVE-2014-9112, CVE-2015-1197