CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2021-35939 – rpm: checks for unsafe symlinks are not performed for intermediary directories
https://notcve.org/view.php?id=CVE-2021-35939
26 Aug 2022 — It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que la corrección de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobación sólo es implement... • https://access.redhat.com/security/cve/CVE-2021-35939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
25 Aug 2022 — A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuest... • https://access.redhat.com/security/cve/CVE-2021-35937 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
25 Aug 2022 — A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3521 – rpm: RPM does not require subkeys to have a valid binding signature
https://notcve.org/view.php?id=CVE-2021-3521
25 Jan 2022 — There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. • https://access.redhat.com/security/cve/CVE-2021-3521 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3421 – rpm: unsigned signature header leads to string injection into an rpm database
https://notcve.org/view.php?id=CVE-2021-3421
19 May 2021 — A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. Se encontró un fallo en el paquete RPM en la funcionalidad read. • https://bugzilla.redhat.com/show_bug.cgi?id=1927747 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20266 – rpm: missing length checks in hdrblobInit()
https://notcve.org/view.php?id=CVE-2021-20266
30 Apr 2021 — A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Se detectó un fallo en RPM en la función hdrblobInit() en el archivo lib/header.c. Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1927741 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-31414
https://notcve.org/view.php?id=CVE-2021-31414
16 Apr 2021 — The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. La extensión no oficial vscode-rpm-spec versiones anteriores a 0.3.2 para Visual Studio Code, permite una ejecución de código remota por medio de una configuración de espacio de trabajo diseñada • https://github.com/LaurentTreguier/vscode-rpm-spec/commit/e19fb8e29cb48cadfd3238371e060d4ffd3384f9 •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20271 – rpm: Signature checks bypass via corrupted rpm package
https://notcve.org/view.php?id=CVE-2021-20271
26 Mar 2021 — A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. Se detectó un fallo en la funcionalidad de comprobación de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un ... • https://bugzilla.redhat.com/show_bug.cgi?id=1934125 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7500
https://notcve.org/view.php?id=CVE-2017-7500
13 Aug 2018 — It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. Se ha detectado que rpm no manejaba correctamente las instalaciones RPM cuando una ruta de d... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7501 – Gentoo Linux Security Advisory 201811-22
https://notcve.org/view.php?id=CVE-2017-7501
22 Nov 2017 — It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. Se ha descubierto que las versiones de rpm anteriores a la 4.13.0.2 emplean archivos temporales con nombres predecibles al... • https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc • CWE-59: Improper Link Resolution Before File Access ('Link Following') •