Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

FreeBSD Security Advisory (FreeBSD-SA-06:03.cpio.asc)

Information

Severity

Severity

Low

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

3.7

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

6 years ago

Share

Summary

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:03.cpio.asc

Insight

Insight

The cpio utility copies files into or out of a cpio or tar archive. A number of issues has been discovered in cpio: . When creating a new file, cpio closes the file before setting its permissions. (CVE-2005-1111) . When extracting files cpio does not properly sanitize file names to filter out .. components, even if the --no-absolute-filenames option is used. (CVE-2005-1229) . When adding large files (larger than 4 GB) to a cpio archive on 64-bit platforms an internal buffer might overflow. (CVE-2005-4268)

Solution

Solution

Upgrade your system to the appropriate stable release or security branch dated after the correction date https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:03.cpio.asc

Common Vulnerabilities and Exposures (CVE)