ID de Prueba:	1.3.6.1.4.1.25623.1.0.880653
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for cpio CESA-2010:0144 centos5 i386
Resumen:	The remote host is missing an update for the 'cpio'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'cpio' package(s) announced via the referenced advisory. Vulnerability Insight: GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624) Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue. A denial of service flaw was found in the way cpio expanded archive files. If a user expanded a specially-crafted archive, it could cause the cpio executable to crash. (CVE-2007-4476) Users of cpio are advised to upgrade to this updated package, which contains backported patches to correct these issues. Affected Software/OS: cpio on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4476 BugTraq ID: 26445 http://www.securityfocus.com/bid/26445 Debian Security Information: DSA-1438 (Google Search) http://www.debian.org/security/2007/dsa-1438 Debian Security Information: DSA-1566 (Google Search) http://www.debian.org/security/2008/dsa-1566 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html http://security.gentoo.org/glsa/glsa-200711-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:197 http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336 http://www.redhat.com/support/errata/RHSA-2010-0141.html http://www.redhat.com/support/errata/RHSA-2010-0144.html http://secunia.com/advisories/26674 http://secunia.com/advisories/26987 http://secunia.com/advisories/27331 http://secunia.com/advisories/27453 http://secunia.com/advisories/27514 http://secunia.com/advisories/27681 http://secunia.com/advisories/27857 http://secunia.com/advisories/28255 http://secunia.com/advisories/29968 http://secunia.com/advisories/32051 http://secunia.com/advisories/33567 http://secunia.com/advisories/39008 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1 SuSE Security Announcement: SUSE-SR:2007:018 (Google Search) http://www.novell.com/linux/security/advisories/2007_18_sr.html SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.ubuntu.com/usn/usn-650-1 http://www.ubuntu.com/usn/usn-709-1 http://www.vupen.com/english/advisories/2010/0628 http://www.vupen.com/english/advisories/2010/0629 Common Vulnerability Exposure (CVE) ID: CVE-2010-0624 Bugtraq: 20101027 rPSA-2010-0070-1 cpio tar (Google Search) http://www.securityfocus.com/archive/1/514503/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html http://security.gentoo.org/glsa/glsa-201111-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:065 http://www.agrs.tu-berlin.de/index.php?id=78327 http://osvdb.org/62950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907 http://www.redhat.com/support/errata/RHSA-2010-0142.html http://www.redhat.com/support/errata/RHSA-2010-0145.html http://secunia.com/advisories/38869 http://secunia.com/advisories/38988 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.ubuntu.com/usn/USN-2456-1 http://www.vupen.com/english/advisories/2010/0639 http://www.vupen.com/english/advisories/2010/0687 http://www.vupen.com/english/advisories/2010/0728 http://www.vupen.com/english/advisories/2010/0729 http://www.vupen.com/english/advisories/2010/1107
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.