Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 314663 - <app-arch/cpio-2.11: arbitrary code execution (CVE-2010-0624)
Summary: <app-arch/cpio-2.11: arbitrary code execution (CVE-2010-0624)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2010-04-11 13:44 UTC by Stefan Behte (RETIRED)
Modified: 2013-11-28 08:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 13:44:26 UTC
+++ This bug was initially created as a clone of Bug #313333 +++

CVE-2010-0624 (
  Heap-based buffer overflow in the rmt_read__ function in
  lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23
  and GNU cpio before 2.11 allows remote rmt servers to cause a denial
  of service (memory corruption) or possibly execute arbitrary code by
  sending more data than was requested, related to archive filenames
  that contain a : (colon) character.
Comment 1 SpanKY gentoo-dev 2010-07-03 02:29:15 UTC
i dont think there is any relationship to tar
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2010-07-03 07:50:56 UTC
x86 stable
Comment 3 Jeroen Roovers gentoo-dev 2010-07-05 20:28:05 UTC
Stable for HPPA.
Comment 4 Samuli Suominen gentoo-dev 2010-07-05 21:08:53 UTC
ppc64 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2010-07-08 18:16:34 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-07-12 17:28:20 UTC
amd64 done
Comment 7 Joe Jezak (RETIRED) gentoo-dev 2010-07-18 20:47:44 UTC
Marked ppc stable.
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:39:32 UTC
Thanks, folks. GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2013-11-28 08:52:40 UTC
This issue was resolved and addressed in
 GLSA 201311-21 at
by GLSA coordinator Sergey Popov (pinkbyte).