Vulnerability Details : CVE-2005-4268
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2005-4268
- cpe:2.3:a:gnu:cpio:2.6-8:*:fedora_core_4_64bit:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4268
0.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4268
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.7
|
LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P |
1.9
|
6.4
|
NIST |
CWE ids for CVE-2005-4268
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-4268
-
Red Hat 2010-03-15This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2005-4268
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/23855
GNU cpio file size buffer overflow CVE-2010-1168 Vulnerability Report
-
http://www.securityfocus.com/bid/16057
-
http://www.redhat.com/support/errata/RHSA-2010-0145.html
Support
-
https://issues.rpath.com/browse/RPL-1338
-
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
-
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:237
Mandriva
-
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
Object not found!
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10450
404 Not Found
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6860
404 Not Found
-
https://usn.ubuntu.com/234-1/
404: Page not found | Ubuntu
-
http://www.redhat.com/support/errata/RHSA-2007-0245.html
Support
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669
172669 – CVE-2005-4268 cpio large filesize buffer overflow
Jump to