CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2623 – rpm-ostree-client: fails to check gpg package signatures when layering
https://notcve.org/view.php?id=CVE-2017-2623
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default. Se ha descubierto que rpm-ostree y rpm-ostree-client en versiones anteriores a la 2017.3 no comprueban correctamente las firmas GPG en los paquetes al crear las capas. Los paquetes con contenido sin firmar o mal firmado podrían no ser rechazados tal y como se esperaría. • http://www.securityfocus.com/bid/96558 https://access.redhat.com/errata/RHSA-2017:0444 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2623 https://access.redhat.com/security/cve/CVE-2017-2623 https://bugzilla.redhat.com/show_bug.cgi?id=1422157 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 36%CPEs: 109EXPL: 0CVE-2014-8118 – rpm: integer overflow and stack overflow in CPIO header parsing
https://notcve.org/view.php?id=CVE-2014-8118
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. Desbordamiento de enteros en RPM 4.12 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de una cabecera CPIO manipulada en la sección 'payload' de un ficheros RPM, lo que provoca un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2014-0529.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 https://security.gentoo.org/glsa/201811-22 https://access.redhat.com/security/cve/CVE-2014-8118 https://bugzilla.redhat.com/show_bug.cgi?id=1168715 • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.6EPSS: 9%CPEs: 110EXPL: 0CVE-2013-6435 – rpm: race condition during the installation process
https://notcve.org/view.php?id=CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalación de un fichero en el directorio /etc/cron.d. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. • http://advisories.mageia.org/MGASA-2014-0529.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://rhn.redhat.com/errata/RHSA-2014-1974.html http://rhn.redhat.com/errata/RHSA-2014-1975.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 http://www.oracle.com/technetwork/topics/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6088
https://notcve.org/view.php?id=CVE-2012-6088
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. La función rpmpkgRead en lib/package.c en RPM v4.10.x antes de v4.10.2 no devuelve un código de error en determinadas situaciones relacionadas con una "firma no analizable", lo que permite a atacantes remotos evitar los controles de firmas a través de un paquete RPM diseñado para tal fin. • http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43 http://rpm.org/wiki/Releases/4.10.2 http://secunia.com/advisories/51706 http://www.openwall.com/lists/oss-security/2013/01/03/9 http://www.securityfocus.com/bid/57138 http://www.ubuntu.com/usn/USN-1694-1 https://bugzilla.novell.com/show_bug.cgi?id=796375 https://exchange.xforce.ibmcloud.com/vulnerabilities/80953 • CWE-255: Credentials Management Errors •
CVSS: 7.6EPSS: 4%CPEs: 105EXPL: 0CVE-2012-0061 – rpm: improper validation of header contents total size in headerLoad()
https://notcve.org/view.php?id=CVE-2012-0061
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. La función headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas "region", lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de tamaño extenso de "region" en una cabecera de paquete. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •