CVE-2010-0624
Summary
| CVE | CVE-2010-0624 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-03-15 13:28:00 UTC |
| Updated | 2018-10-10 19:53:00 UTC |
| Description | Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Cpio | 1.0 | All | All | All |
| Application | Gnu | Cpio | 1.1 | All | All | All |
| Application | Gnu | Cpio | 1.2 | All | All | All |
| Application | Gnu | Cpio | 1.3 | All | All | All |
| Application | Gnu | Cpio | 2.4-2 | All | All | All |
| Application | Gnu | Cpio | 2.5 | All | All | All |
| Application | Gnu | Cpio | 2.5.90 | All | All | All |
| Application | Gnu | Cpio | 2.6 | All | All | All |
| Application | Gnu | Cpio | 2.7 | All | All | All |
| Application | Gnu | Cpio | 2.8 | All | All | All |
| Application | Gnu | Cpio | 2.9 | All | All | All |
| Application | Gnu | Cpio | 1.0 | All | All | All |
| Application | Gnu | Cpio | 1.1 | All | All | All |
| Application | Gnu | Cpio | 1.2 | All | All | All |
| Application | Gnu | Cpio | 1.3 | All | All | All |
| Application | Gnu | Cpio | 2.4-2 | All | All | All |
| Application | Gnu | Cpio | 2.5 | All | All | All |
| Application | Gnu | Cpio | 2.5.90 | All | All | All |
| Application | Gnu | Cpio | 2.6 | All | All | All |
| Application | Gnu | Cpio | 2.7 | All | All | All |
| Application | Gnu | Cpio | 2.8 | All | All | All |
| Application | Gnu | Cpio | 2.9 | All | All | All |
| Application | Gnu | Cpio | All | All | All | All |
| Application | Gnu | Tar | 1.13 | All | All | All |
| Application | Gnu | Tar | 1.13.11 | All | All | All |
| Application | Gnu | Tar | 1.13.14 | All | All | All |
| Application | Gnu | Tar | 1.13.16 | All | All | All |
| Application | Gnu | Tar | 1.13.17 | All | All | All |
| Application | Gnu | Tar | 1.13.18 | All | All | All |
| Application | Gnu | Tar | 1.13.19 | All | All | All |
| Application | Gnu | Tar | 1.13.25 | All | All | All |
| Application | Gnu | Tar | 1.13.5 | All | All | All |
| Application | Gnu | Tar | 1.14 | All | All | All |
| Application | Gnu | Tar | 1.14.1 | All | All | All |
| Application | Gnu | Tar | 1.14.90 | All | All | All |
| Application | Gnu | Tar | 1.15 | All | All | All |
| Application | Gnu | Tar | 1.15.1 | All | All | All |
| Application | Gnu | Tar | 1.15.90 | All | All | All |
| Application | Gnu | Tar | 1.15.91 | All | All | All |
| Application | Gnu | Tar | 1.16 | All | All | All |
| Application | Gnu | Tar | 1.16.1 | All | All | All |
| Application | Gnu | Tar | 1.17 | All | All | All |
| Application | Gnu | Tar | 1.18 | All | All | All |
| Application | Gnu | Tar | 1.19 | All | All | All |
| Application | Gnu | Tar | 1.20 | All | All | All |
| Application | Gnu | Tar | 1.21 | All | All | All |
| Application | Gnu | Tar | 1.13 | All | All | All |
| Application | Gnu | Tar | 1.13.11 | All | All | All |
| Application | Gnu | Tar | 1.13.14 | All | All | All |
| Application | Gnu | Tar | 1.13.16 | All | All | All |
| Application | Gnu | Tar | 1.13.17 | All | All | All |
| Application | Gnu | Tar | 1.13.18 | All | All | All |
| Application | Gnu | Tar | 1.13.19 | All | All | All |
| Application | Gnu | Tar | 1.13.25 | All | All | All |
| Application | Gnu | Tar | 1.13.5 | All | All | All |
| Application | Gnu | Tar | 1.14 | All | All | All |
| Application | Gnu | Tar | 1.14.1 | All | All | All |
| Application | Gnu | Tar | 1.14.90 | All | All | All |
| Application | Gnu | Tar | 1.15 | All | All | All |
| Application | Gnu | Tar | 1.15.1 | All | All | All |
| Application | Gnu | Tar | 1.15.90 | All | All | All |
| Application | Gnu | Tar | 1.15.91 | All | All | All |
| Application | Gnu | Tar | 1.16 | All | All | All |
| Application | Gnu | Tar | 1.16.1 | All | All | All |
| Application | Gnu | Tar | 1.17 | All | All | All |
| Application | Gnu | Tar | 1.18 | All | All | All |
| Application | Gnu | Tar | 1.19 | All | All | All |
| Application | Gnu | Tar | 1.20 | All | All | All |
| Application | Gnu | Tar | 1.21 | All | All | All |
| Application | Gnu | Tar | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support / Security / Advisories / / MDVSA-2010:065 | Mandriva | MANDRIVA | www.mandriva.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Red Hat update for tar - Secunia.com | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| [SECURITY] Fedora 11 Update: tar-1.22-5.fc11 | FEDORA | lists.fedoraproject.org | |
| Support | REDHAT | www.redhat.com | |
| GNU Cpio "rmt" Buffer Overflow Vulnerability - Secunia.com | SECUNIA | secunia.com | |
| Support | REDHAT | www.redhat.com | |
| [SECURITY] Fedora 12 Update: cpio-2.10-5.fc12 | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 11 Update: cpio-2.9.90-8.fc11 | FEDORA | lists.fedoraproject.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Fedora update for cpio - Secunia.com | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| [SECURITY] Fedora 12 Update: tar-1.22-12.fc12 | FEDORA | lists.fedoraproject.org | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Gentoo Linux Documentation -- GNU Tar: User-assisted execution of arbitrary code | GENTOO | security.gentoo.org | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:011 | SUSE | lists.opensuse.org | |
| Fedora 12 Update: cpio-2.10-4.fc12 | FEDORA | lists.fedoraproject.org | |
| 62950 | OSVDB | osvdb.org | |
| 564368 – (CVE-2010-0624) CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive | CONFIRM | bugzilla.redhat.com | Patch |
| AG Rechnersicherheit: GNU tar/cpio | MISC | www.agrs.tu-berlin.de | Exploit |
| Support | REDHAT | www.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| issues.rpath.com/browse/RPL-3219 | CONFIRM | issues.rpath.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Support | REDHAT | www.redhat.com | |
| Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView | CONFIRM | kb.juniper.net | |
| USN-2456-1: GNU cpio vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| 2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView - Juniper Networks | CONFIRM | kb.juniper.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.