ID de Prueba:	1.3.6.1.4.1.25623.1.0.880653
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for cpio CESA-2010:0144 centos5 i386
Resumen:	The remote host is missing an update for the 'cpio'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'cpio' package(s) announced via the referenced advisory. Vulnerability Insight: GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges of the user running cpio. (CVE-2010-0624) Red Hat would like to thank Jakob Lell for responsibly reporting the CVE-2010-0624 issue. A denial of service flaw was found in the way cpio expanded archive files. If a user expanded a specially-crafted archive, it could cause the cpio executable to crash. (CVE-2007-4476) Users of cpio are advised to upgrade to this updated package, which contains backported patches to correct these issues. Affected Software/OS: cpio on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4476 1021680 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1 26445 http://www.securityfocus.com/bid/26445 26674 http://secunia.com/advisories/26674 26987 http://secunia.com/advisories/26987 27331 http://secunia.com/advisories/27331 27453 http://secunia.com/advisories/27453 27514 http://secunia.com/advisories/27514 27681 http://secunia.com/advisories/27681 27857 http://secunia.com/advisories/27857 28255 http://secunia.com/advisories/28255 29968 http://secunia.com/advisories/29968 32051 http://secunia.com/advisories/32051 33567 http://secunia.com/advisories/33567 39008 http://secunia.com/advisories/39008 ADV-2010-0628 http://www.vupen.com/english/advisories/2010/0628 ADV-2010-0629 http://www.vupen.com/english/advisories/2010/0629 DSA-1438 http://www.debian.org/security/2007/dsa-1438 DSA-1566 http://www.debian.org/security/2008/dsa-1566 FEDORA-2007-2673 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html FEDORA-2007-735 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html GLSA-200711-18 http://security.gentoo.org/glsa/glsa-200711-18.xml MDKSA-2007:197 http://www.mandriva.com/security/advisories?name=MDKSA-2007:197 MDKSA-2007:233 http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 RHSA-2010:0141 http://www.redhat.com/support/errata/RHSA-2010-0141.html RHSA-2010:0144 http://www.redhat.com/support/errata/RHSA-2010-0144.html SUSE-SR:2007:018 http://www.novell.com/linux/security/advisories/2007_18_sr.html SUSE-SR:2007:019 http://www.novell.com/linux/security/advisories/2007_19_sr.html USN-650-1 http://www.ubuntu.com/usn/usn-650-1 USN-709-1 http://www.ubuntu.com/usn/usn-709-1 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://bugzilla.redhat.com/show_bug.cgi?id=280961 https://issues.rpath.com/browse/RPL-1861 oval:org.mitre.oval:def:7114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114 oval:org.mitre.oval:def:8599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599 oval:org.mitre.oval:def:9336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336 Common Vulnerability Exposure (CVE) ID: CVE-2010-0624 Bugtraq: 20101027 rPSA-2010-0070-1 cpio tar (Google Search) http://www.securityfocus.com/archive/1/514503/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html http://security.gentoo.org/glsa/glsa-201111-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:065 http://www.agrs.tu-berlin.de/index.php?id=78327 http://osvdb.org/62950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907 http://www.redhat.com/support/errata/RHSA-2010-0142.html http://www.redhat.com/support/errata/RHSA-2010-0145.html http://secunia.com/advisories/38869 http://secunia.com/advisories/38988 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.ubuntu.com/usn/USN-2456-1 http://www.vupen.com/english/advisories/2010/0639 http://www.vupen.com/english/advisories/2010/0687 http://www.vupen.com/english/advisories/2010/0728 http://www.vupen.com/english/advisories/2010/0729 http://www.vupen.com/english/advisories/2010/1107
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.