// For flags

CVE-2013-6435

rpm: race condition during the installation process

Severity Score

7.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalación de un fichero en el directorio /etc/cron.d.

It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-11-04 CVE Reserved
  • 2014-12-09 CVE Published
  • 2024-03-01 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
<= 4.11.1
Search vendor "Rpm" for product "Rpm" and version " <= 4.11.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.2
Search vendor "Rpm" for product "Rpm" and version "1.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.3
Search vendor "Rpm" for product "Rpm" and version "1.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.3.1
Search vendor "Rpm" for product "Rpm" and version "1.3.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4
Search vendor "Rpm" for product "Rpm" and version "1.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.1
Search vendor "Rpm" for product "Rpm" and version "1.4.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.2
Search vendor "Rpm" for product "Rpm" and version "1.4.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.2\/a
Search vendor "Rpm" for product "Rpm" and version "1.4.2\/a"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.3
Search vendor "Rpm" for product "Rpm" and version "1.4.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.4
Search vendor "Rpm" for product "Rpm" and version "1.4.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.5
Search vendor "Rpm" for product "Rpm" and version "1.4.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.6
Search vendor "Rpm" for product "Rpm" and version "1.4.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
1.4.7
Search vendor "Rpm" for product "Rpm" and version "1.4.7"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0
Search vendor "Rpm" for product "Rpm" and version "2.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.1
Search vendor "Rpm" for product "Rpm" and version "2.0.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.2
Search vendor "Rpm" for product "Rpm" and version "2.0.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.3
Search vendor "Rpm" for product "Rpm" and version "2.0.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.4
Search vendor "Rpm" for product "Rpm" and version "2.0.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.5
Search vendor "Rpm" for product "Rpm" and version "2.0.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.6
Search vendor "Rpm" for product "Rpm" and version "2.0.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.7
Search vendor "Rpm" for product "Rpm" and version "2.0.7"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.8
Search vendor "Rpm" for product "Rpm" and version "2.0.8"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.9
Search vendor "Rpm" for product "Rpm" and version "2.0.9"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.10
Search vendor "Rpm" for product "Rpm" and version "2.0.10"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.0.11
Search vendor "Rpm" for product "Rpm" and version "2.0.11"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.1
Search vendor "Rpm" for product "Rpm" and version "2.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.1.1
Search vendor "Rpm" for product "Rpm" and version "2.1.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.1.2
Search vendor "Rpm" for product "Rpm" and version "2.1.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2
Search vendor "Rpm" for product "Rpm" and version "2.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.1
Search vendor "Rpm" for product "Rpm" and version "2.2.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.2
Search vendor "Rpm" for product "Rpm" and version "2.2.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.3
Search vendor "Rpm" for product "Rpm" and version "2.2.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.3.10
Search vendor "Rpm" for product "Rpm" and version "2.2.3.10"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.3.11
Search vendor "Rpm" for product "Rpm" and version "2.2.3.11"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.4
Search vendor "Rpm" for product "Rpm" and version "2.2.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.5
Search vendor "Rpm" for product "Rpm" and version "2.2.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.6
Search vendor "Rpm" for product "Rpm" and version "2.2.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.7
Search vendor "Rpm" for product "Rpm" and version "2.2.7"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.8
Search vendor "Rpm" for product "Rpm" and version "2.2.8"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.9
Search vendor "Rpm" for product "Rpm" and version "2.2.9"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.10
Search vendor "Rpm" for product "Rpm" and version "2.2.10"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.2.11
Search vendor "Rpm" for product "Rpm" and version "2.2.11"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3
Search vendor "Rpm" for product "Rpm" and version "2.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.1
Search vendor "Rpm" for product "Rpm" and version "2.3.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.2
Search vendor "Rpm" for product "Rpm" and version "2.3.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.3
Search vendor "Rpm" for product "Rpm" and version "2.3.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.4
Search vendor "Rpm" for product "Rpm" and version "2.3.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.5
Search vendor "Rpm" for product "Rpm" and version "2.3.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.6
Search vendor "Rpm" for product "Rpm" and version "2.3.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.7
Search vendor "Rpm" for product "Rpm" and version "2.3.7"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.8
Search vendor "Rpm" for product "Rpm" and version "2.3.8"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.3.9
Search vendor "Rpm" for product "Rpm" and version "2.3.9"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.1
Search vendor "Rpm" for product "Rpm" and version "2.4.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.2
Search vendor "Rpm" for product "Rpm" and version "2.4.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.3
Search vendor "Rpm" for product "Rpm" and version "2.4.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.4
Search vendor "Rpm" for product "Rpm" and version "2.4.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.5
Search vendor "Rpm" for product "Rpm" and version "2.4.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.6
Search vendor "Rpm" for product "Rpm" and version "2.4.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.8
Search vendor "Rpm" for product "Rpm" and version "2.4.8"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.9
Search vendor "Rpm" for product "Rpm" and version "2.4.9"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.11
Search vendor "Rpm" for product "Rpm" and version "2.4.11"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.4.12
Search vendor "Rpm" for product "Rpm" and version "2.4.12"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5
Search vendor "Rpm" for product "Rpm" and version "2.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.1
Search vendor "Rpm" for product "Rpm" and version "2.5.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.2
Search vendor "Rpm" for product "Rpm" and version "2.5.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.3
Search vendor "Rpm" for product "Rpm" and version "2.5.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.4
Search vendor "Rpm" for product "Rpm" and version "2.5.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.5
Search vendor "Rpm" for product "Rpm" and version "2.5.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.5.6
Search vendor "Rpm" for product "Rpm" and version "2.5.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
2.6.7
Search vendor "Rpm" for product "Rpm" and version "2.6.7"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0
Search vendor "Rpm" for product "Rpm" and version "3.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.1
Search vendor "Rpm" for product "Rpm" and version "3.0.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.2
Search vendor "Rpm" for product "Rpm" and version "3.0.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.3
Search vendor "Rpm" for product "Rpm" and version "3.0.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.4
Search vendor "Rpm" for product "Rpm" and version "3.0.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.5
Search vendor "Rpm" for product "Rpm" and version "3.0.5"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
3.0.6
Search vendor "Rpm" for product "Rpm" and version "3.0.6"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.0.
Search vendor "Rpm" for product "Rpm" and version "4.0."
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.0.1
Search vendor "Rpm" for product "Rpm" and version "4.0.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.0.2
Search vendor "Rpm" for product "Rpm" and version "4.0.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.0.3
Search vendor "Rpm" for product "Rpm" and version "4.0.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.0.4
Search vendor "Rpm" for product "Rpm" and version "4.0.4"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.1
Search vendor "Rpm" for product "Rpm" and version "4.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.3.3
Search vendor "Rpm" for product "Rpm" and version "4.3.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.4.2.1
Search vendor "Rpm" for product "Rpm" and version "4.4.2.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.4.2.2
Search vendor "Rpm" for product "Rpm" and version "4.4.2.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.4.2.3
Search vendor "Rpm" for product "Rpm" and version "4.4.2.3"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.5.90
Search vendor "Rpm" for product "Rpm" and version "4.5.90"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.0
Search vendor "Rpm" for product "Rpm" and version "4.6.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.0
Search vendor "Rpm" for product "Rpm" and version "4.6.0"
rc1
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.0
Search vendor "Rpm" for product "Rpm" and version "4.6.0"
rc2
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.0
Search vendor "Rpm" for product "Rpm" and version "4.6.0"
rc3
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.0
Search vendor "Rpm" for product "Rpm" and version "4.6.0"
rc4
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.6.1
Search vendor "Rpm" for product "Rpm" and version "4.6.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.7.0
Search vendor "Rpm" for product "Rpm" and version "4.7.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.7.1
Search vendor "Rpm" for product "Rpm" and version "4.7.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.7.2
Search vendor "Rpm" for product "Rpm" and version "4.7.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.8.0
Search vendor "Rpm" for product "Rpm" and version "4.8.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.8.1
Search vendor "Rpm" for product "Rpm" and version "4.8.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.0
Search vendor "Rpm" for product "Rpm" and version "4.9.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.0
Search vendor "Rpm" for product "Rpm" and version "4.9.0"
alpha
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.0
Search vendor "Rpm" for product "Rpm" and version "4.9.0"
beta1
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.0
Search vendor "Rpm" for product "Rpm" and version "4.9.0"
rc1
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.1
Search vendor "Rpm" for product "Rpm" and version "4.9.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.1.1
Search vendor "Rpm" for product "Rpm" and version "4.9.1.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.9.1.2
Search vendor "Rpm" for product "Rpm" and version "4.9.1.2"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.10.0
Search vendor "Rpm" for product "Rpm" and version "4.10.0"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.10.1
Search vendor "Rpm" for product "Rpm" and version "4.10.1"
-
Affected
Rpm
Search vendor "Rpm"
Rpm
Search vendor "Rpm" for product "Rpm"
4.10.2
Search vendor "Rpm" for product "Rpm" and version "4.10.2"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected