• info
• discussion
• exploit
• solution
• references

CPIO File Size Stack Buffer Overflow Vulnerability

Solution:
Please see the references for vendor advisories and fixes.


GNU cpio 2.6

• Mandriva cpio-2.6-3.3.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva cpio-2.6-3.3.102mdk.x86_64.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva cpio-2.6-5.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/


• Mandriva cpio-2.6-5.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/

FreeBSD FreeBSD 4.11 -RELENG

• FreeBSD cpio.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch

FreeBSD FreeBSD 5.3

• FreeBSD cpio.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch

FreeBSD FreeBSD 5.4 -RELEASE

• FreeBSD cpio.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch

FreeBSD FreeBSD 6.0 -STABLE

• FreeBSD cpio.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch

FreeBSD FreeBSD 6.0 -RELEASE

• FreeBSD cpio.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch