Page 3 of 21 results (0.008 seconds)

CVSS: 7.6EPSS: 9%CPEs: 110EXPL: 0

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalación de un fichero en el directorio /etc/cron.d. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. • http://advisories.mageia.org/MGASA-2014-0529.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://rhn.redhat.com/errata/RHSA-2014-1974.html http://rhn.redhat.com/errata/RHSA-2014-1975.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 http://www.oracle.com/technetwork/topics/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package. La función rpmpkgRead en lib/package.c en RPM v4.10.x antes de v4.10.2 no devuelve un código de error en determinadas situaciones relacionadas con una "firma no analizable", lo que permite a atacantes remotos evitar los controles de firmas a través de un paquete RPM diseñado para tal fin. • http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43 http://rpm.org/wiki/Releases/4.10.2 http://secunia.com/advisories/51706 http://www.openwall.com/lists/oss-security/2013/01/03/9 http://www.securityfocus.com/bid/57138 http://www.ubuntu.com/usn/USN-1694-1 https://bugzilla.novell.com/show_bug.cgi?id=796375 https://exchange.xforce.ibmcloud.com/vulnerabilities/80953 • CWE-255: Credentials Management Errors •

CVSS: 7.6EPSS: 4%CPEs: 105EXPL: 0

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. La función headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas "region", lo que permite a atacantes remotos asistidos por el usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de tamaño extenso de "region" en una cabecera de paquete. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 4%CPEs: 105EXPL: 0

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. RPM en versiones anteriores a la 4.9.1.3 no valida apropiadamente las etiquetas "region", lo que permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una etiqueta "region" inválida en una cabecera de paquete de la función (1) headerLoad, (2) rpmReadSignature o (3) headerVerify. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190 http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 5%CPEs: 105EXPL: 0

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un elemento "region offset" de una cabecera de paquete, que no es manejado apropiadamente en una comparación de rango numérico. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •