Test ID:	1.3.6.1.4.1.25623.1.0.54330
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:116 (cpio)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to cpio announced via advisory MDKSA-2005:116. A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. (CVE-2005-1111) A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attackers choice. Cpio will extract to the path specified in the cpio file, this path can be absolute. (CVE-2005-1229) The updated packages have been patched to address both of these issues. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:116 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1111 BugTraq ID: 13159 http://www.securityfocus.com/bid/13159 Bugtraq: 20050413 cpio TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111342664116120&w=2 Debian Security Information: DSA-846 (Google Search) http://www.debian.org/security/2005/dsa-846 FreeBSD Security Advisory: FreeBSD-SA-06:03 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc http://www.osvdb.org/15725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 http://www.redhat.com/support/errata/RHSA-2005-378.html http://www.redhat.com/support/errata/RHSA-2005-806.html SCO Security Bulletin: SCOSA-2005.32 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt SCO Security Bulletin: SCOSA-2006.2 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt http://secunia.com/advisories/16998 http://secunia.com/advisories/17123 http://secunia.com/advisories/17532 http://secunia.com/advisories/18290 http://secunia.com/advisories/18395 http://secunia.com/advisories/20117 SuSE Security Announcement: SUSE-SR:2006:010 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://www.ubuntu.com/usn/usn-189-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-1229 BugTraq ID: 13291 http://www.securityfocus.com/bid/13291 Bugtraq: 20050420 cpio directory traversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111403177526312&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 http://www.osvdb.org/17939 http://secunia.com/advisories/27857 XForce ISS Database: cpio-directory-traversal(20204) https://exchange.xforce.ibmcloud.com/vulnerabilities/20204
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.