Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
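The failure mode described above, a fixed 8-digit size field receiving a value that needs more digits, can be avoided by checking the digit count before formatting. The following is an added example, not code from cpio or from Red Hat's patch. The hexadecimal radix, the 9-byte buffer and the names `FIELD_DIGITS`, `hex_digits_needed` and `format_size_field` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_DIGITS 8  /* fixed field width, from the "8 digits" in the advisory */

/* Number of hex digits needed to print v (hex radix is an assumption). */
static int hex_digits_needed(uint64_t v)
{
    int n = 1;
    while ((v >>= 4) != 0)
        n++;
    return n;
}

/*
 * General unsafe pattern (comment only, not cpio's source, never executed):
 *     char field[FIELD_DIGITS + 1];  sprintf(field, "%08lx", size);
 * "%08" is a minimum width, so where long is 64 bits a size above
 * 0xffffffff prints 9 or more digits and writes past the buffer.
 */

/* Hardened form: write exactly FIELD_DIGITS digits plus NUL, or refuse.
 * Returns 0 on success, -1 if the value does not fit or the buffer is short. */
static int format_size_field(char *out, size_t outlen, uint64_t size)
{
    if (outlen < (size_t)FIELD_DIGITS + 1)
        return -1;
    if (hex_digits_needed(size) > FIELD_DIGITS)
        return -1;                 /* caller must skip or fail this file */
    int n = snprintf(out, outlen, "%0*llx", FIELD_DIGITS,
                     (unsigned long long)size);
    return (n == FIELD_DIGITS) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample sizes: 1 KiB, 4 GiB - 1, 4 GiB, 100 GiB. */
    const uint64_t samples[] = { 1024, 0xffffffffULL, 0x100000000ULL, 100ULL << 30 };
    char field[FIELD_DIGITS + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_size_field(field, sizeof field, samples[i]) == 0)
            printf("%llu -> \"%s\"\n", (unsigned long long)samples[i], field);
        else
            printf("%llu -> rejected, needs %d digits\n",
                   (unsigned long long)samples[i], hex_digits_needed(samples[i]));
    }
    return 0;
}
```

Sizes that only fit in a 64-bit integer are the ones rejected, which matches the advisory's restriction to 64-bit platforms.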
CVE-2005-4268 cpio large filesize buffer overflow
Red Hat Security Errata
Red Hat Enterprise Linux 4 (cpio)
Red Hat Enterprise Linux 3 (cpio)