Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-189-1] cpio vulnerabilities

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-189-1] cpio vulnerabilities
Date: Thu, 29 Sep 2005 12:57:45 +0200 
===========================================================
Ubuntu Security Notice USN-189-1         September 29, 2005
cpio vulnerabilities
CAN-2005-1111, CAN-2005-1229
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cpio

The problem can be corrected by upgrading the affected package to
version 2.5-1.1ubuntu0.2 (for Ubuntu 4.10), or 2.5-1.1ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked with cpio, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the cpio user. (CAN-2005-1111)

Imran Ghory discovered a path traversal vulnerability. Even when the
--no-absolute-filenames option was specified, cpio did not filter out
".." path components. By tricking an user into unpacking a malicious
cpio archive, this could be exploited to install files in arbitrary
paths with the privileges of the user calling cpio. (CAN-2005-1229)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.diff.gz
      Size/MD5:    27421 3800b28741820b67d89b8be0ca1b4c3a
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2.dsc
      Size/MD5:      551 536a242096b46cbac9caf1e034e89f88
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_amd64.deb
      Size/MD5:    68648 777b4ff7fa18697307311f3f306a61dd

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_i386.deb
      Size/MD5:    64158 6c8ee133865b826e666fe035eba229c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu0.2_powerpc.deb
      Size/MD5:    67678 a52efbe49389c50a4c6abed05dd79e95

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.diff.gz
      Size/MD5:    27418 0fb7a011377dd62652cacc4366d44baf
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1.dsc
      Size/MD5:      551 d78ae16b8c3bcf9bdc9348dd7dd3d02f
    http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5.orig.tar.gz
      Size/MD5:   185480 e02859af1bbbbd73fcbf757acb57e0a4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_amd64.deb
      Size/MD5:    68686 00a2b4f57d4766e778f5de385c544549

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_i386.deb
      Size/MD5:    63972 b46cbb91273fc79d7ac1c82c3f0a27c5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/c/cpio/cpio_2.5-1.1ubuntu1.1_powerpc.deb
      Size/MD5:    67680 7f47d3eae5b01639f80c051ba77fbaa6

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-189-1] cpio vulnerabilities, Martin Pitt <=
Previous by Date:  [Full-disclosure] [USN-188-1] AbiWord vulnerability, Martin Pitt
Next by Date:  [VulnWatch] [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS, saintlinu
Previous by Thread:  [Full-disclosure] [USN-188-1] AbiWord vulnerability, Martin Pitt
Next by Thread:  [VulnWatch] [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS, saintlinu
Indexes:  [Date] [Thread] [Top] [All Lists]