CVE-2005-4268
Summary
| CVE | CVE-2005-4268 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-12-15 18:11:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:L/AC:H/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 172669 – CVE-2005-4268 cpio large filesize buffer overflow | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| SUSE Updates for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SuSE Security announcements: [suse-security-announce] SUSE Security Summary Report SUSE-SR:2006:010 | af854a3a-2127-422b-91ae-364da2661108 | lists.suse.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc | af854a3a-2127-422b-91ae-364da2661108 | ftp.freebsd.org | |
| Secunia - Advisories - Ubuntu update for cpio | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| CPIO File Size Stack Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| rPath update for cpio - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Cpio Large File Size Handling Denial of Service Vulnerability - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Secunia - Advisories - Fedora update for cpio | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Secunia - Advisories - FreeBSD update for cpio | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Red Hat Update for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| www.osvdb.org/22194 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| mandriva.com | af854a3a-2127-422b-91ae-364da2661108 | frontal1.mandriva.com | |
| USN-234-1: cpio vulnerability \| Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| issues.rpath.com/browse/RPL-1338 | af854a3a-2127-422b-91ae-364da2661108 | issues.rpath.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2010-03-15 | Mark J Cox | This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
There are currently no legacy QID mappings associated with this CVE.