CVSS: 7.6EPSS: 4%CPEs: 105EXPL: 0CVE-2012-0060 – rpm: insufficient validation of region tags
https://notcve.org/view.php?id=CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. RPM en versiones anteriores a la 4.9.1.3 no valida apropiadamente las etiquetas "region", lo que permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una etiqueta "region" inválida en una cabecera de paquete de la función (1) headerLoad, (2) rpmReadSignature o (3) headerVerify. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190 http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 5%CPEs: 105EXPL: 0CVE-2012-0815 – rpm: incorrect handling of negated offsets in headerVerifyInfo()
https://notcve.org/view.php?id=CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. La función headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un valor negativo en un elemento "region offset" de una cabecera de paquete, que no es manejado apropiadamente en una comparación de rango numérico. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html http://rhn.redhat.com/errata/RHSA-2012-0451.html http://rhn.redhat.com/errata/RHSA-2012-0531.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 12EXPL: 1CVE-2011-3378 – rpm: crashes and overflows on malformed header
https://notcve.org/view.php?id=CVE-2011-3378
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. RPM v4.4.x hasta v4.9.x, probablemente antes de v4.9.1.2, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código arbitrario a través de un paquete RPM con cabeceras manipuladas y "offsets" que no son manipulados correctamente cuando un paquete es consultado o instalado, relacionado con (1) la función regionSwab, (2) la función headerLoad, y (3) múltiples funciones en rpmio/rpmpgp.c. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656 http://rpm.org/wiki/Releases/4.9.1.2#Security http://www.mandriva.com/security/advisories?name=MDVSA-2011:143 http:&# • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 93EXPL: 0CVE-2010-2059 – rpm: fails to drop SUID/SGID bits on package upgrade
https://notcve.org/view.php?id=CVE-2010-2059
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. lib/fsm.c en RPM v4.8.0 y veriones sin especificar v4.7.x y v4.6.x, y RPM anterior a v4.4.3, no resetea adecuadamente los metadatos de un archivo ejecutable durante el reemplazo del archivo en una actualización del paquete RPM, lo que podría permitir a usuarios locales obtener privilegios creando un enlace duro a un archivo vulnerable (1)setuid o (2) setgid. • http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://marc.info/?l=oss-security&m=127559059928131&w=2 http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383 http://secunia.com/advisories/40028 http&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 87EXPL: 0CVE-2005-4889 – rpm: fails to drop SUID/SGID bits on package removal
https://notcve.org/view.php?id=CVE-2005-4889
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059. lib/fsm.c en RPM antes de v4.4.3 no reinicia los metadatos de un archivo ejecutable durante la eliminación de los archivos en una eliminación de paquetes con RPM, lo que podría permitir a usuarios locales conseguir privilegios mediante la creación de un vínculo físico a un fichero vulnerable (1) con permiso setuid o (2) con permiso setgid. Se trata de un problema relacionado con la CVE-2010-2059. • http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 https://bugzilla.redhat.com/show_bug.cgi?id=125517 https://bugzilla.redhat.com/show_bug.cgi?id=598775 https://exchange.xforce.ibmcloud.com/vulnerabilities/59426 https://access.redhat.com/security/cve/CVE-2005-4889 https://bugzilla.redhat.com/show_bug.cgi?id=625756 • CWE-264: Permissions, Privileges, and Access Controls •