CVSS: 9.8EPSS: 6%CPEs: 105EXPL: 0CVE-2012-0061 – rpm: improper validation of header contents total size in headerLoad()
https://notcve.org/view.php?id=CVE-2012-0061
04 Jun 2012 — The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. La función headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas "region", lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída) y posiblemente ejecutar códi... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 105EXPL: 0CVE-2012-0815 – rpm: incorrect handling of negated offsets in headerVerifyInfo()
https://notcve.org/view.php?id=CVE-2012-0815
04 Jun 2012 — The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un ele... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 9%CPEs: 12EXPL: 1CVE-2011-3378 – rpm: crashes and overflows on malformed header
https://notcve.org/view.php?id=CVE-2011-3378
24 Dec 2011 — RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. RPM v4.4.x hasta v4.9.x, probablemente antes de v4.9.1.2, permite a atacantes remotos provocar una denegación de ser... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 0CVE-2010-2059 – rpm: fails to drop SUID/SGID bits on package upgrade
https://notcve.org/view.php?id=CVE-2010-2059
08 Jun 2010 — lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. lib/fsm.c en RPM v4.8.0 y veriones sin especificar v4.7.x y v4.6.x, y RPM anterior a v4.4.3, no resetea adecuadamente los metadatos de un archivo ejecutable durante el reemplazo del archiv... • http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 0CVE-2010-2198
https://notcve.org/view.php?id=CVE-2010-2198
08 Jun 2010 — lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. lib/fsm.c en RPM v4.8.0 y anteriores no resetea adecuadamente los meta... • http://marc.info/?l=oss-security&m=127559059928131&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 0CVE-2010-2199
https://notcve.org/view.php?id=CVE-2010-2199
08 Jun 2010 — lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. lib/fsm.c en RPM 4.8.0 y anteriores, no reinicia adecuadamente los metadatos de un archivo ejecutable durante la sustitución del archivo en ... • https://bugzilla.redhat.com/show_bug.cgi?id=125517 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 93EXPL: 0CVE-2010-2197
https://notcve.org/view.php?id=CVE-2010-2197
08 Jun 2010 — rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. rpmbuild en RPM v4.8.0 y anteriores no parse adecuadamente la sintáxis de archivos spec, lo que permite a atacantes asistidos por usuarios borrar directorios home a través de vectores relacionando una secuencia ;~ (punto y coma tilde) en la etiqueta Name. • https://bugzilla.redhat.com/show_bug.cgi?id=125517 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 87EXPL: 0CVE-2005-4889 – rpm: fails to drop SUID/SGID bits on package removal
https://notcve.org/view.php?id=CVE-2005-4889
08 Jun 2010 — lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. lib/fsm.c en RPM antes de v4.4.3 no reinicia los metadatos de un archivo ejecutable durante la eliminación de los archivos en una eliminación de paquetes con RPM, lo que podría permitir a usuarios locales conseguir... • http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz • CWE-264: Permissions, Privileges, and Access Controls •