Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2011-12-24 19:55

Modified

2024-11-21 01:30

Severity ?

Summary

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

References

URL	Tags
secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
secalert@redhat.com	http://rpm.org/wiki/Releases/4.9.1.2#Security	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:143
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/09/27/3
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1349.html	Vendor Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1695-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=741606
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=741612	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/wiki/Releases/4.9.1.2#Security	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:143
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/09/27/3
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1349.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1695-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=741606
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=741612	Exploit

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	4.4.2
rpm	rpm	4.4.2.
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "097CBFAF-5967-4C31-80F4-9436413B2020",
              "versionEndIncluding": "4.9.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5263C-1695-4932-9C20-297067B38F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*",
              "matchCriteriaId": "308E9B35-F619-4BBE-B1BA-AAF0873F75D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c."
    },
    {
      "lang": "es",
      "value": "RPM v4.4.x hasta v4.9.x, probablemente antes de v4.9.1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete RPM con cabeceras manipuladas y \"offsets\" que no son manipulados correctamente cuando un paquete es consultado o instalado, relacionado con (1) la funci\u00f3n regionSwab, (2) la funci\u00f3n headerLoad, y (3) m\u00faltiples funciones en rpmio/rpmpgp.c."
    }
  ],
  "id": "CVE-2011-3378",
  "lastModified": "2024-11-21T01:30:23.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-24T19:55:01.880",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-12-16 18:59

Modified

2024-11-21 01:59

Severity ?

Summary

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

References

▼	URL	Tags
	secalert@redhat.com	http://advisories.mageia.org/MGASA-2014-0529.html
	secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1974.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1975.html
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1976.html
	secalert@redhat.com	http://www.debian.org/security/2015/dsa-3129
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
	secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	secalert@redhat.com	http://www.securityfocus.com/bid/71558
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1039811
	secalert@redhat.com	https://security.gentoo.org/glsa/201811-22
	secalert@redhat.com	https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
	af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0529.html
	af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1974.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1975.html
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1976.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3129
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
	af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71558
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1039811
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-22
	af854a3a-2127-422b-91ae-364da2661108	https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.1
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.5.90
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0
rpm	rpm	4.8.1
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.1
rpm	rpm	4.9.1.1
rpm	rpm	4.9.1.2
rpm	rpm	4.10.0
rpm	rpm	4.10.1
rpm	rpm	4.10.2
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA94CF0-0F15-43AE-A55F-CAD58625F138",
              "versionEndIncluding": "4.11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22B88DF3-BC03-401D-B46D-738D2AF1ACE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3980237-762C-40CE-B376-EA225C2F9214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "851F5ACE-A9AB-42BE-A36C-E9C4E333D293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B773DF74-6F5F-4400-B971-E42BCE13A0C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero RPM manipulado cuyo instalaci\u00f3n extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalaci\u00f3n de un fichero en el directorio /etc/cron.d."
    }
  ],
  "id": "CVE-2013-6435",
  "lastModified": "2024-11-21T01:59:13.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-16T18:59:00.090",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/71558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201811-22"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-08-25 20:15

Modified

2024-11-21 06:12

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2021-35937	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1964125	Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com	https://rpm.org/wiki/Releases/4.18.0	Release Notes
secalert@redhat.com	https://security.gentoo.org/glsa/202210-22	Third Party Advisory
secalert@redhat.com	https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2021-35937	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1964125	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rpm.org/wiki/Releases/4.18.0	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf	Exploit, Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E92EAAF-D2B5-458B-BBF4-363FD16D3931",
              "versionEndExcluding": "4.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de condici\u00f3n de carrera en rpm. Un usuario local no privilegiado podr\u00eda usar este fallo para omitir las comprobaciones introducidas en respuesta a CVE-2017-7500 y CVE-2017-7501, obteniendo potencialmente privilegios de root. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-35937",
  "lastModified": "2024-11-21T06:12:47.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-25T20:15:09.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35937"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-08-22 15:15

Modified

2024-11-21 06:21

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2021-3521	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1941098	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/pull/1795/	Patch, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202210-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2021-3521	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1941098	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/pull/1795/	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-22	Third Party Advisory

Impacted products

	Vendor	Product	Version
	rpm	rpm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1074C3F6-BFE3-45EC-B03B-F39E7DC4E323",
              "versionEndExcluding": "4.17.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a flaw in RPM\u0027s signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources."
    },
    {
      "lang": "es",
      "value": "Se presenta un fallo en la funcionalidad de firma de RPM. Las subclaves OpenPGP se asocian a una clave primaria por medio de una \"firma vinculante\". RPM no comprueba la firma vinculante de las subclaves antes de importarlas. Si un atacante es capaz de a\u00f1adir o hacer ingenier\u00eda social para que otra parte a\u00f1ada una subclave maliciosa a una clave p\u00fablica leg\u00edtima, RPM podr\u00eda confiar err\u00f3neamente en una firma maliciosa. El mayor impacto de este fallo es la integridad de los datos. Para explotar este fallo, un atacante debe comprometer un repositorio de RPM o convencer a un administrador para que instale un RPM o una clave p\u00fablica que no sean confiables. Es recomendado encarecidamente usar s\u00f3lo RPMs y claves p\u00fablicas de fuentes confiables."
    }
  ],
  "id": "CVE-2021-3521",
  "lastModified": "2024-11-21T06:21:45.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-22T15:15:13.473",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-3521"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1795/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-3521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1795/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-12-16 18:59

Modified

2024-11-21 02:18

Severity ?

Summary

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

References

URL	Tags
secalert@redhat.com	http://advisories.mageia.org/MGASA-2014-0529.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-1976.html
secalert@redhat.com	http://www.debian.org/security/2015/dsa-3129	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
secalert@redhat.com	https://security.gentoo.org/glsa/201811-22
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2014-0529.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1976.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3129	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-22

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.1
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.5.90
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0
rpm	rpm	4.8.1
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.1
rpm	rpm	4.9.1.1
rpm	rpm	4.9.1.2
rpm	rpm	4.10.0
rpm	rpm	4.10.1
rpm	rpm	4.10.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59386013-F469-49E5-873C-523C6AB9D3E0",
              "versionEndIncluding": "4.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22B88DF3-BC03-401D-B46D-738D2AF1ACE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3980237-762C-40CE-B376-EA225C2F9214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "851F5ACE-A9AB-42BE-A36C-E9C4E333D293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B773DF74-6F5F-4400-B971-E42BCE13A0C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en RPM 4.12 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cabecera CPIO manipulada en la secci\u00f3n \u0027payload\u0027 de un ficheros RPM, lo que provoca un desbordamiento de buffer basado en pila."
    }
  ],
  "id": "CVE-2014-8118",
  "lastModified": "2024-11-21T02:18:35.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-16T18:59:06.733",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201811-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-22"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-08-25 20:15

Modified

2024-11-21 06:12

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2021-35938	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1964114	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://bugzilla.suse.com/show_bug.cgi?id=1157880	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/pull/1919	Patch, Third Party Advisory
secalert@redhat.com	https://rpm.org/wiki/Releases/4.18.0	Release Notes
secalert@redhat.com	https://security.gentoo.org/glsa/202210-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2021-35938	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1964114	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1157880	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/pull/1919	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rpm.org/wiki/Releases/4.18.0	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-22	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
fedoraproject	fedora	34
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E92EAAF-D2B5-458B-BBF4-363FD16D3931",
              "versionEndExcluding": "4.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un problema de enlaces simb\u00f3licos en rpm. Es producido cuando rpm establece los permisos y credenciales deseados despu\u00e9s de instalar un archivo. Un usuario local no privilegiado podr\u00eda usar este fallo para cambiar el archivo original por un enlace simb\u00f3lico a un archivo cr\u00edtico para la seguridad y escalar sus privilegios en el sistema. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-35938",
  "lastModified": "2024-11-21T06:12:47.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-25T20:15:09.307",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1919"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-04 20:55

Modified

2024-11-21 01:35

Severity ?

Summary

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0451.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
secalert@redhat.com	http://rpm.org/wiki/Releases/4.9.1.3	Patch
secalert@redhat.com	http://secunia.com/advisories/48651	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/48716	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/49110	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhat.com	http://www.osvdb.org/81009
secalert@redhat.com	http://www.securityfocus.com/bid/52865
secalert@redhat.com	http://www.securitytracker.com/id?1026882
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1695-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=744104
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74581
secalert@redhat.com	https://hermes.opensuse.org/messages/14440932
secalert@redhat.com	https://hermes.opensuse.org/messages/14441362
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0451.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/wiki/Releases/4.9.1.3	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48651	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48716	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49110	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/81009
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52865
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026882
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1695-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=744104
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74581
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14440932
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14441362

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.1
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.5.90
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0
rpm	rpm	4.8.1
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.1
rpm	rpm	4.9.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB1B63A-0D09-429B-AEAA-AA0F33E0954A",
              "versionEndIncluding": "4.9.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n headerVerifyInfo de lib/header.c de RPM anteriores a 4.9.1.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor negativo en un elemento \"region offset\" de una cabecera de paquete, que no es manejado apropiadamente en una comparaci\u00f3n de rango num\u00e9rico."
    }
  ],
  "id": "CVE-2012-0815",
  "lastModified": "2024-11-21T01:35:46.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-04T20:55:01.853",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/81009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14441362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/81009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14441362"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 18:30

Modified

2024-11-21 00:05

Severity ?

Summary

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

References

URL	Tags
cve@mitre.org	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	Patch
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=125517
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=598775
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/59426
af854a3a-2127-422b-91ae-364da2661108	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=125517
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=598775
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/59426

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2..4.10
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "368283A7-FAC3-460B-8A18-DEA1E5996915",
              "versionEndIncluding": "4.4.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E092A7C-7B5A-449C-B49D-96BB5A1E011E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*",
              "matchCriteriaId": "308E9B35-F619-4BBE-B1BA-AAF0873F75D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
    },
    {
      "lang": "es",
      "value": "lib/fsm.c en RPM antes de v4.4.3 no reinicia los metadatos de un archivo ejecutable durante la eliminaci\u00f3n de los archivos en una eliminaci\u00f3n de paquetes con RPM, lo que podr\u00eda permitir a usuarios locales conseguir privilegios mediante la creaci\u00f3n de un v\u00ednculo f\u00edsico a un fichero vulnerable (1) con permiso setuid o (2) con permiso setgid. Se trata de un problema relacionado con la CVE-2010-2059."
    }
  ],
  "id": "CVE-2005-4889",
  "lastModified": "2024-11-21T00:05:25.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-08T18:30:09.977",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-08-26 16:15

Modified

2024-11-21 06:12

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2021-35939	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1964129	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/pull/1919	Patch, Third Party Advisory
secalert@redhat.com	https://rpm.org/wiki/Releases/4.18.0	Release Notes, Vendor Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202210-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2021-35939	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1964129	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/pull/1919	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rpm.org/wiki/Releases/4.18.0	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-22	Third Party Advisory

Impacted products

	Vendor	Product	Version
	rpm	rpm	*
	redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "582D14B9-3812-42FD-9FA3-2BDEAA02DD6C",
              "versionEndExcluding": "4.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que la correcci\u00f3n de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobaci\u00f3n s\u00f3lo es implementada para el directorio padre del archivo que iba a crearse. Un usuario local no privilegiado que posea otro directorio antecesor podr\u00eda usar este fallo para conseguir privilegios de root. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-35939",
  "lastModified": "2024-11-21T06:12:47.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-26T16:15:08.683",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35939"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1919"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2021-35939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/pull/1919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://rpm.org/wiki/Releases/4.18.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-22"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-03-26 17:15

Modified

2024-11-21 05:46

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1934125	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21	Patch, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
secalert@redhat.com	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
secalert@redhat.com	https://www.starwindsoftware.com/security/sw-20220805-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1934125	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.starwindsoftware.com/security/sw-20220805-0002/	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	*
rpm	rpm	4.15.0
rpm	rpm	4.15.0
rpm	rpm	4.15.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
redhat	enterprise_linux	8.0
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34
starwindsoftware	starwind_virtual_san	v8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5017E785-D9A4-40BE-ADD8-4421BB138131",
              "versionEndExcluding": "4.15.1.3",
              "versionStartIncluding": "4.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22989FC-E9C0-4189-BDFE-69346C3F8495",
              "versionEndExcluding": "4.16.1.3",
              "versionStartIncluding": "4.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "6E77F834-98D9-45CA-A442-97362CEAB09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "40503D12-35BC-4515-A293-F39A37B23A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "19299515-DF82-48A3-BA65-0DE705E75CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "0565E985-6BD3-45E1-928C-B67E18B7B56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "96BDFF27-D2ED-48F9-91FB-377D1244A0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "EA51C420-EFCB-4068-A981-E99722C5FAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "653B69E5-0E47-49EF-AD3D-218C86252E7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*",
              "matchCriteriaId": "2561CD5F-82A9-464E-B571-44634187B497",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en la funcionalidad de comprobaci\u00f3n de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un atacante que pueda convencer a una v\u00edctima de instalar un paquete aparentemente verificable, cuyo encabezado de firma fue modificado, causar una corrupci\u00f3n de la base de datos de RPM y ejecutar c\u00f3digo. La mayor amenaza de esta vulnerabilidad es la integridad de los datos, la confidencialidad y la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-20271",
  "lastModified": "2024-11-21T05:46:15.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-26T17:15:13.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-30 12:15

Modified

2024-11-21 05:46

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1927741	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
secalert@redhat.com	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1927741	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-43	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E210A7F5-C9AD-41DB-8E5A-2D48615DF02B",
              "versionEndExcluding": "4.16.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en RPM en la funci\u00f3n hdrblobInit() en el archivo lib/header.c.\u0026#xa0;Este fallo permite a un atacante que puede modificar el rpmdb causar una lectura fuera de l\u00edmites.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-20266",
  "lastModified": "2024-11-21T05:46:14.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-30T12:15:07.500",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-04 20:55

Modified

2024-11-21 01:34

Severity ?

Summary

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0451.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
secalert@redhat.com	http://rpm.org/wiki/Releases/4.9.1.3
secalert@redhat.com	http://secunia.com/advisories/48651	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/48716	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/49110	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhat.com	http://www.osvdb.org/81010
secalert@redhat.com	http://www.securityfocus.com/bid/52865
secalert@redhat.com	http://www.securitytracker.com/id?1026882
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1695-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=798585
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74583
secalert@redhat.com	https://hermes.opensuse.org/messages/14440932
secalert@redhat.com	https://hermes.opensuse.org/messages/14441362
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0451.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/wiki/Releases/4.9.1.3
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48651	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48716	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49110	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/81010
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52865
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026882
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1695-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=798585
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74583
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14440932
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14441362

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.1
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.5.90
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0
rpm	rpm	4.8.1
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.1
rpm	rpm	4.9.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB1B63A-0D09-429B-AEAA-AA0F33E0954A",
              "versionEndIncluding": "4.9.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n headerLoad de lib/header.c de RPM anteriores a 4.9.1.3 no validan apropiadamente las etiquetas \"region\", lo que permite a atacantes remotos asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de tama\u00f1o extenso de \"region\" en una cabecera de paquete."
    }
  ],
  "id": "CVE-2012-0061",
  "lastModified": "2024-11-21T01:34:18.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-04T20:55:01.790",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/81010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14441362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/81010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14441362"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-01-18 11:48

Modified

2024-11-21 01:45

Severity ?

Summary

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

References

URL	Tags
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43
secalert@redhat.com	http://rpm.org/wiki/Releases/4.10.2	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/51706	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/01/03/9
secalert@redhat.com	http://www.securityfocus.com/bid/57138
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1694-1
secalert@redhat.com	https://bugzilla.novell.com/show_bug.cgi?id=796375
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/80953
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/wiki/Releases/4.10.2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51706	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/01/03/9
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/57138
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1694-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.novell.com/show_bug.cgi?id=796375
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/80953

Impacted products

	Vendor	Product	Version
	rpm	rpm	4.10.0
	rpm	rpm	4.10.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3980237-762C-40CE-B376-EA225C2F9214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "851F5ACE-A9AB-42BE-A36C-E9C4E333D293",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n rpmpkgRead en lib/package.c en RPM v4.10.x antes de v4.10.2 no devuelve un c\u00f3digo de error en determinadas situaciones relacionadas con una \"firma no analizable\", lo que permite a atacantes remotos evitar los controles de firmas a trav\u00e9s de un paquete RPM dise\u00f1ado para tal fin."
    }
  ],
  "id": "CVE-2012-6088",
  "lastModified": "2024-11-21T01:45:47.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-01-18T11:48:41.057",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rpm.org/wiki/Releases/4.10.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51706"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1694-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rpm.org/wiki/Releases/4.10.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1694-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-05-19 14:15

Modified

2024-11-21 06:21

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1927747	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
secalert@redhat.com	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1927747	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-43	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
redhat	enterprise_linux	8.0
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E210A7F5-C9AD-41DB-8E5A-2D48615DF02B",
              "versionEndExcluding": "4.16.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en el paquete RPM en la funcionalidad read.\u0026#xa0;Este fallo permite a un atacante que pueda convencer a una v\u00edctima de instalar un paquete aparentemente comprobable o comprometer un repositorio de RPM, causar una corrupci\u00f3n en la base de datos de RPM.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la integridad de los datos.\u0026#xa0;Este fallo afecta a versiones de RPM anteriores a 4.17.0-alpha"
    }
  ],
  "id": "CVE-2021-3421",
  "lastModified": "2024-11-21T06:21:27.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-19T14:15:07.457",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 18:30

Modified

2024-11-21 01:15

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

References

URL	Tags
secalert@redhat.com	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	Patch
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2011/000126.html
secalert@redhat.com	http://marc.info/?l=oss-security&m=127559059928131&w=2
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383
secalert@redhat.com	http://secunia.com/advisories/40028	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/06/02/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/06/02/3
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/06/03/5
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/06/04/1
secalert@redhat.com	http://www.osvdb.org/65143
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0679.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/516909/100/0/threaded
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0004.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0606
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=125517
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=598775
af854a3a-2127-422b-91ae-364da2661108	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2011/000126.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=127559059928131&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40028	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/02/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/02/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/03/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/04/1
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/65143
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0679.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516909/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0004.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0606
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=125517
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=598775

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2..4.10
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "368283A7-FAC3-460B-8A18-DEA1E5996915",
              "versionEndIncluding": "4.4.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E092A7C-7B5A-449C-B49D-96BB5A1E011E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5263C-1695-4932-9C20-297067B38F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
    },
    {
      "lang": "es",
      "value": "lib/fsm.c en RPM v4.8.0 y veriones sin especificar v4.7.x y v4.6.x, y RPM anterior a v4.4.3, no resetea adecuadamente los metadatos de un archivo ejecutable durante el reemplazo del archivo en una actualizaci\u00f3n del paquete RPM, lo que podr\u00eda permitir a usuarios locales obtener privilegios creando un enlace duro a un archivo vulnerable (1)setuid o (2) setgid."
    }
  ],
  "id": "CVE-2010-2059",
  "lastModified": "2024-11-21T01:15:48.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-08T18:30:10.037",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/65143"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0606"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/65143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 18:30

Modified

2024-11-21 01:16

Severity ?

Summary

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

References

▼	URL	Tags
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=125517
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/59423
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=125517
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/59423

Impacted products

Vendor	Product	Version
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2..4.10
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	*
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E092A7C-7B5A-449C-B49D-96BB5A1E011E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5263C-1695-4932-9C20-297067B38F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E55477-BD82-4CE9-8DA0-4EA555F123D7",
              "versionEndIncluding": "4.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag."
    },
    {
      "lang": "es",
      "value": "rpmbuild en RPM v4.8.0 y anteriores no parse adecuadamente la sint\u00e1xis de archivos spec, lo que permite a atacantes asistidos por usuarios borrar directorios home a trav\u00e9s de vectores relacionando una secuencia ;~ (punto y coma tilde) en la etiqueta Name. \r\n"
    }
  ],
  "id": "CVE-2010-2197",
  "lastModified": "2024-11-21T01:16:08.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-06-08T18:30:10.083",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 18:30

Modified

2024-11-21 01:16

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

References

▼	URL	Tags
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=125517
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/59416
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=125517
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/59416

Impacted products

Vendor	Product	Version
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2..4.10
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	*
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E092A7C-7B5A-449C-B49D-96BB5A1E011E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5263C-1695-4932-9C20-297067B38F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E55477-BD82-4CE9-8DA0-4EA555F123D7",
              "versionEndIncluding": "4.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
    },
    {
      "lang": "es",
      "value": "lib/fsm.c en RPM 4.8.0 y anteriores, no reinicia adecuadamente los metadatos de un archivo ejecutable durante la sustituci\u00f3n del archivo en una actualizaci\u00f3n del paquete RPM o eliminaci\u00f3n del archivo en una eliminaci\u00f3n de paquetes RPM, lo que podr\u00eda permitir eludir las restricciones de acceso a los usuarios locales creando un enlace duro a un archivo vulnerable que tiene un POSIX ACL, un proplema relacionado con CVE-2010-2059."
    }
  ],
  "id": "CVE-2010-2199",
  "lastModified": "2024-11-21T01:16:08.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-08T18:30:10.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2010-06-08 18:30

Modified

2024-11-21 01:16

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=oss-security&m=127559059928131&w=2
cve@mitre.org	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230
cve@mitre.org	http://secunia.com/advisories/40028	Vendor Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2010/06/02/3
cve@mitre.org	http://www.openwall.com/lists/oss-security/2010/06/03/5
cve@mitre.org	http://www.openwall.com/lists/oss-security/2010/06/04/1
cve@mitre.org	http://www.osvdb.org/65144
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=598775
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=127559059928131&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40028	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/02/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/03/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/06/04/1
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/65144
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=598775

Impacted products

Vendor	Product	Version
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2..4.10
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	*
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E092A7C-7B5A-449C-B49D-96BB5A1E011E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E5263C-1695-4932-9C20-297067B38F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E55477-BD82-4CE9-8DA0-4EA555F123D7",
              "versionEndIncluding": "4.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059."
    },
    {
      "lang": "es",
      "value": "lib/fsm.c en RPM v4.8.0 y anteriores no resetea adecuadamente los metadatos de un archivo ejecutable durante el reemplazo del archivo en una actualizaci\u00f3n del paquete RPM o eliminaci\u00f3n del archivo en la eliminaci\u00f3n del paquete RPM, lo que podr\u00eda permitir a usuarios locales obtener privilegios o saltarse las restricciones de acceso establecidas creando un enlace duro a un archivo vulnerable que tiene (1) capacidades de archivo POSIX o (2) informaci\u00f3n de contexto SELinux, u caso relacionado con CVE-2010-2059."
    }
  ],
  "id": "CVE-2010-2198",
  "lastModified": "2024-11-21T01:16:08.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-08T18:30:10.117",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40028"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/65144"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/65144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-06-04 20:55

Modified

2024-11-21 01:34

Severity ?

Summary

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0451.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
secalert@redhat.com	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29
secalert@redhat.com	http://rpm.org/wiki/Releases/4.9.1.3
secalert@redhat.com	http://secunia.com/advisories/48651	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/48716	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/49110	Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhat.com	http://www.osvdb.org/81010
secalert@redhat.com	http://www.securityfocus.com/bid/52865
secalert@redhat.com	http://www.securitytracker.com/id?1026882
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1695-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=744858
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74582
secalert@redhat.com	https://hermes.opensuse.org/messages/14440932
secalert@redhat.com	https://hermes.opensuse.org/messages/14441362
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0451.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29
af854a3a-2127-422b-91ae-364da2661108	http://rpm.org/wiki/Releases/4.9.1.3
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48651	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48716	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49110	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/81010
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52865
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026882
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1695-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=744858
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74582
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14440932
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14441362

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	1.2
rpm	rpm	1.3
rpm	rpm	1.3.1
rpm	rpm	1.4
rpm	rpm	1.4.1
rpm	rpm	1.4.2
rpm	rpm	1.4.2\/a
rpm	rpm	1.4.3
rpm	rpm	1.4.4
rpm	rpm	1.4.5
rpm	rpm	1.4.6
rpm	rpm	1.4.7
rpm	rpm	2.0
rpm	rpm	2.0.1
rpm	rpm	2.0.2
rpm	rpm	2.0.3
rpm	rpm	2.0.4
rpm	rpm	2.0.5
rpm	rpm	2.0.6
rpm	rpm	2.0.7
rpm	rpm	2.0.8
rpm	rpm	2.0.9
rpm	rpm	2.0.10
rpm	rpm	2.0.11
rpm	rpm	2.1
rpm	rpm	2.1.1
rpm	rpm	2.1.2
rpm	rpm	2.2
rpm	rpm	2.2.1
rpm	rpm	2.2.2
rpm	rpm	2.2.3
rpm	rpm	2.2.3.10
rpm	rpm	2.2.3.11
rpm	rpm	2.2.4
rpm	rpm	2.2.5
rpm	rpm	2.2.6
rpm	rpm	2.2.7
rpm	rpm	2.2.8
rpm	rpm	2.2.9
rpm	rpm	2.2.10
rpm	rpm	2.2.11
rpm	rpm	2.3
rpm	rpm	2.3.1
rpm	rpm	2.3.2
rpm	rpm	2.3.3
rpm	rpm	2.3.4
rpm	rpm	2.3.5
rpm	rpm	2.3.6
rpm	rpm	2.3.7
rpm	rpm	2.3.8
rpm	rpm	2.3.9
rpm	rpm	2.4.1
rpm	rpm	2.4.2
rpm	rpm	2.4.3
rpm	rpm	2.4.4
rpm	rpm	2.4.5
rpm	rpm	2.4.6
rpm	rpm	2.4.8
rpm	rpm	2.4.9
rpm	rpm	2.4.11
rpm	rpm	2.4.12
rpm	rpm	2.5
rpm	rpm	2.5.1
rpm	rpm	2.5.2
rpm	rpm	2.5.3
rpm	rpm	2.5.4
rpm	rpm	2.5.5
rpm	rpm	2.5.6
rpm	rpm	2.6.7
rpm	rpm	3.0
rpm	rpm	3.0.1
rpm	rpm	3.0.2
rpm	rpm	3.0.3
rpm	rpm	3.0.4
rpm	rpm	3.0.5
rpm	rpm	3.0.6
rpm	rpm	4.0.
rpm	rpm	4.0.1
rpm	rpm	4.0.2
rpm	rpm	4.0.3
rpm	rpm	4.0.4
rpm	rpm	4.1
rpm	rpm	4.3.3
rpm	rpm	4.4.2.1
rpm	rpm	4.4.2.2
rpm	rpm	4.4.2.3
rpm	rpm	4.5.90
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.0
rpm	rpm	4.6.1
rpm	rpm	4.7.0
rpm	rpm	4.7.1
rpm	rpm	4.7.2
rpm	rpm	4.8.0
rpm	rpm	4.8.1
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.0
rpm	rpm	4.9.1
rpm	rpm	4.9.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB1B63A-0D09-429B-AEAA-AA0F33E0954A",
              "versionEndIncluding": "4.9.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76112E07-F476-41E5-9FF8-E85C28019BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E064D1B0-093D-4C62-89A0-481D261F9AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05B2BC3-41EB-4839-B3DC-AF8B567D0318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B95097-EEA2-42A1-AA30-4AC519E67B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "985E051C-677E-4DCD-9181-F5F33342FE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "267ACF41-E8E2-4F9E-983A-E526DACFCE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.2\\/a:*:*:*:*:*:*:*",
              "matchCriteriaId": "6429C42B-EBD6-4D93-AABB-AD268ADB72AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1372FF29-498C-41CB-AB2E-25CEC92866AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EFE8428-E00F-4E5F-8787-F63FEE93E617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D1E892-05D5-4C79-AD12-7B7C0421E509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA6696D-D6CC-4C23-AB8F-91474BFC341E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16D91A5-35F5-44F3-A515-8E4F27B563D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08974D05-C00C-438C-A76F-E17C191D0CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81771BF8-0788-44B5-8694-AFF436FDECD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BF53E9-CC37-4E31-9F34-2B569947887F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D79478-665E-4D18-AAA6-BA51C41A4C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A59FF59-BD73-4C13-AC51-98126ED46573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C83F0D-159B-4CFB-92C6-83D36225080A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A4BC0-43DF-4542-A54F-BF8B07F30B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B926B035-659A-4F86-B680-CD1A6163F2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BC57C-69AD-40F6-885B-3A560F69809F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "71499D02-8989-4AA0-80FB-28860F103EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B424D987-8421-4FE5-B9F7-0D4AB7AC921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F58F12D-301C-4C4D-8F78-0B6A7B220B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A30CF4-508D-407B-A097-30331AF9D452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E49FB5B-5BFA-4736-8F2C-C07188D0BC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "883AE5CC-379E-41A7-A8B5-12671015F131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8D8FEA-89A2-4133-89D7-FD403D605E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11322F8-93B7-457C-8993-B0A8D3274468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD35E28-313C-4CF7-AEC0-1C91316FF5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B591779-643B-4E2E-9270-40748EDA1BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3C91C9-CFDC-4C51-B6AF-51F1560161A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D67C30-F0CA-410B-8C3A-EA5536BC256E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80DB9D55-9BC2-416C-9A2A-021F4EC0E884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B48E845-573C-4F07-8D69-F1A54CCEEDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C9FE2D-197A-45EB-BE40-B746B13F2C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07E462F-2163-430B-9315-75BFD00113C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "347BC012-5307-4B0F-A013-624ED455ABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED89DCC-0EFF-4665-BDE0-406155A46BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB6C44-B615-46F8-A5DC-BEF25D932314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D846B-9DD9-474A-A8BE-25334D2969B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF5DE17-2061-4896-B7DA-CFDEF46E9652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB528B71-8BF5-4D93-A1BC-DF0502AEA58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585DC0B-DFBB-466E-9D3D-86E19A4B88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "041B087D-4FBC-4EDC-AAC0-DF8A1D39980A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4FB33B-5015-4620-BD21-3F0C916069EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "684E9118-30B2-476C-816E-CA4B2916017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF46B23-559C-4DF0-8510-C79F17ABF22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40A202-557B-495C-BBE5-DEC9FF97EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3DB711-AE17-4B3B-9D45-C38CBDF418A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D049089-7FBD-41A6-8A5B-8497DA24C720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DEBEDF-3E64-4417-BC41-7F0E20C522F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF99B53-237E-468B-8B7F-A105FE40803B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C4022C-F1D4-4A58-8341-E22EAF943511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5503DC6-40DB-4A84-984E-BDEED82F224A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90148D48-5DA5-46F9-AE96-618C427A5DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733E1435-CE73-4A39-97EB-304D2F45A838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08FD930-F2BC-47BC-86BC-07545D1431B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DE028F-D0BE-435C-826D-CCBFFEBF3B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08EB15D-1842-41F4-9F19-FF6571055242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CF2BBF-83AA-451E-8E30-E040EFCF6F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "409B29B1-E2E0-4CBD-83D0-F4CE67820F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D325D4A-166A-4174-BEA8-1C6D47A8DDBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6AEBBD1-2320-42A3-8DCA-46DF61007349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "132C1B54-0438-4239-B599-8160D494EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5CCEAC-3D92-46DB-AC88-859ED5A5E277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED68CE6A-2BF5-49F2-AEAE-199AAC94807B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E406BD-8CC3-4929-ABB2-F820F8C83823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8685704C-C43D-4315-A541-4E04B7B08B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1D452-A003-4DB1-A8CF-0F7FBB9A5811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F8C79E-416F-4C88-B102-3BB60E969FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F47849F-4466-4500-802C-260970D6A764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C190DE39-ABEF-4DA1-A909-B9E98BD5A468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BB52FC-E320-47CD-A180-C22371D7AFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A746D6-4C15-49BD-B17C-2CA06FFA76D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8664CDC-6A09-45F0-B5CD-BE5688FDBB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897D7B8-F2A3-4A18-83AF-5473E971DCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D0E27D80-E3C5-42A2-8794-56BA0D28EFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F2043930-ECC5-40C6-907E-C5AF2D3EE51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "25706042-3E57-45D2-9917-5DDD818205FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "85B0DA93-4048-4F25-8D69-76F149D411BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "055D95AA-3797-437E-88FD-764D807B5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7164A1F5-EE8E-46C6-8E9E-D267CF5936ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62495EC6-B5DB-4AB2-840C-98AC4CE34990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCD5EE9-2D1F-4042-B53A-C5BA24265709",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE5D6F9-304C-4A3F-AD8E-CD7F01F8AD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63210F22-8DC0-4B0F-BAC3-962E319D36BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "65B5D793-77FC-4333-888A-57A913EA5BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1C2A6ADF-F539-4257-AE05-7316231106C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0AF5D1C5-DDFC-4218-B3E2-0C34768DAC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97928439-BB18-4F36-928C-D5FB6F08AC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B190E4B8-794A-4B6E-B3E5-83ABDD381315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function."
    },
    {
      "lang": "es",
      "value": "RPM en versiones anteriores a la 4.9.1.3 no valida apropiadamente las etiquetas \"region\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una etiqueta \"region\" inv\u00e1lida en una cabecera de paquete de la funci\u00f3n (1) headerLoad, (2) rpmReadSignature o (3) headerVerify."
    }
  ],
  "id": "CVE-2012-0060",
  "lastModified": "2024-11-21T01:34:18.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-04T20:55:01.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/81010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14441362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rpm.org/wiki/Releases/4.9.1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/81010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1695-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14440932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14441362"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-22 22:29

Modified

2024-11-21 03:32

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

References

URL	Tags
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc	Issue Tracking, Patch
secalert@redhat.com	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
secalert@redhat.com	https://security.gentoo.org/glsa/201811-22
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201811-22

Impacted products

	Vendor	Product	Version
	rpm	rpm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED564028-B312-4A22-812A-8928BBBB4E40",
              "versionEndExcluding": "4.13.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que las versiones de rpm anteriores a la 4.13.0.2 emplean archivos temporales con nombres predecibles al instalar un RPM. Un atacante que pueda escribir en un directorio en el que se instalar\u00e1n archivos podr\u00eda crear enlaces simb\u00f3licos en una localizaci\u00f3n arbitraria y modificar contenido y, probablemente, permisos en archivos arbitrarios. Esto podr\u00eda emplearse para provocar una denegaci\u00f3n de servicio o un posible escalado de privilegios."
    }
  ],
  "id": "CVE-2017-7501",
  "lastModified": "2024-11-21T03:32:01.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T22:29:00.270",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201811-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201811-22"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-08-13 17:29

Modified

2024-11-21 03:32

Severity ?

7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500	Issue Tracking
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9	Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	4.14.0.0
rpm	rpm	4.14.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "570A3E92-EA84-4106-9C64-B0F597F1C9AB",
              "versionEndExcluding": "4.13.0.2",
              "versionStartIncluding": "4.13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.14.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3206925E-EF01-4CC1-ABCA-68283CCF7041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.14.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2CE6C7F0-274D-4205-83E6-963422C7AC29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que rpm no manejaba correctamente las instalaciones RPM cuando una ruta de destino era un enlace simb\u00f3lico a un directorio, posiblemente cambiando la propiedad y los permisos de un directorio arbitrario y los archivos RPM se colocaban en un destino arbitrario. Un atacante con acceso de escritura a un directorio en el que se instalar\u00e1 un subdirectorio podr\u00eda redirigir ese directorio a una ubicaci\u00f3n arbitraria y obtener privilegios root."
    }
  ],
  "id": "CVE-2017-7500",
  "lastModified": "2024-11-21T03:32:01.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-13T17:29:00.357",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-0815

Vulnerability from cvelistv5

Published

2012-06-04 20:00

Modified

2024-08-06 18:38

Severity ?

Summary

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-0531.html	vendor-advisory, x_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1026882	vdb-entry, x_refsource_SECTRACK
	https://bugzilla.redhat.com/show_bug.cgi?id=744104	x_refsource_MISC
	http://rpm.org/wiki/Releases/4.9.1.3	x_refsource_CONFIRM
	http://secunia.com/advisories/48716	third-party-advisory, x_refsource_SECUNIA
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b	x_refsource_CONFIRM
	http://secunia.com/advisories/48651	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/52865	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74581	vdb-entry, x_refsource_XF
	http://www.ubuntu.com/usn/USN-1695-1	vendor-advisory, x_refsource_UBUNTU
	https://hermes.opensuse.org/messages/14440932	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/49110	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html	vendor-advisory, x_refsource_FEDORA
	https://hermes.opensuse.org/messages/14441362	vendor-advisory, x_refsource_SUSE
	http://www.osvdb.org/81009	vdb-entry, x_refsource_OSVDB
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "name": "MDVSA-2012:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
          },
          {
            "name": "1026882",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/wiki/Releases/4.9.1.3"
          },
          {
            "name": "48716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48716"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
          },
          {
            "name": "48651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48651"
          },
          {
            "name": "RHSA-2012:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
          },
          {
            "name": "FEDORA-2012-5421",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
          },
          {
            "name": "52865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52865"
          },
          {
            "name": "rpm-headerverifyinfo-code-execution(74581)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
          },
          {
            "name": "USN-1695-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1695-1"
          },
          {
            "name": "openSUSE-SU-2012:0588",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14440932"
          },
          {
            "name": "49110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49110"
          },
          {
            "name": "FEDORA-2012-5420",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
          },
          {
            "name": "FEDORA-2012-5298",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
          },
          {
            "name": "openSUSE-SU-2012:0589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14441362"
          },
          {
            "name": "81009",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "name": "MDVSA-2012:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
        },
        {
          "name": "1026882",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/wiki/Releases/4.9.1.3"
        },
        {
          "name": "48716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48716"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
        },
        {
          "name": "48651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48651"
        },
        {
          "name": "RHSA-2012:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
        },
        {
          "name": "FEDORA-2012-5421",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
        },
        {
          "name": "52865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52865"
        },
        {
          "name": "rpm-headerverifyinfo-code-execution(74581)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
        },
        {
          "name": "USN-1695-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1695-1"
        },
        {
          "name": "openSUSE-SU-2012:0588",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14440932"
        },
        {
          "name": "49110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49110"
        },
        {
          "name": "FEDORA-2012-5420",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
        },
        {
          "name": "FEDORA-2012-5298",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
        },
        {
          "name": "openSUSE-SU-2012:0589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14441362"
        },
        {
          "name": "81009",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "MDVSA-2012:056",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
            },
            {
              "name": "1026882",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026882"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=744104",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
            },
            {
              "name": "http://rpm.org/wiki/Releases/4.9.1.3",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/wiki/Releases/4.9.1.3"
            },
            {
              "name": "48716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48716"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b"
            },
            {
              "name": "48651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48651"
            },
            {
              "name": "RHSA-2012:0451",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
            },
            {
              "name": "FEDORA-2012-5421",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
            },
            {
              "name": "52865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52865"
            },
            {
              "name": "rpm-headerverifyinfo-code-execution(74581)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
            },
            {
              "name": "USN-1695-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1695-1"
            },
            {
              "name": "openSUSE-SU-2012:0588",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14440932"
            },
            {
              "name": "49110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49110"
            },
            {
              "name": "FEDORA-2012-5420",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
            },
            {
              "name": "FEDORA-2012-5298",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
            },
            {
              "name": "openSUSE-SU-2012:0589",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14441362"
            },
            {
              "name": "81009",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81009"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0815",
    "datePublished": "2012-06-04T20:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6088

Vulnerability from cvelistv5

Published

2013-01-18 11:00

Modified

2024-08-06 21:21

Severity ?

Summary

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

References

▼	URL	Tags
	https://bugzilla.novell.com/show_bug.cgi?id=796375	x_refsource_MISC
	http://www.securityfocus.com/bid/57138	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/51706	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2013/01/03/9	mailing-list, x_refsource_MLIST
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1694-1	vendor-advisory, x_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80953	vdb-entry, x_refsource_XF
	http://rpm.org/wiki/Releases/4.10.2	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
          },
          {
            "name": "57138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57138"
          },
          {
            "name": "51706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51706"
          },
          {
            "name": "[oss-security] 20130103 Re: CVE Request -- rpm (X \u003e= 4.10 and X \u003c 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
          },
          {
            "name": "USN-1694-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1694-1"
          },
          {
            "name": "rpm-security-bypass(80953)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/wiki/Releases/4.10.2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
        },
        {
          "name": "57138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57138"
        },
        {
          "name": "51706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51706"
        },
        {
          "name": "[oss-security] 20130103 Re: CVE Request -- rpm (X \u003e= 4.10 and X \u003c 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
        },
        {
          "name": "USN-1694-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1694-1"
        },
        {
          "name": "rpm-security-bypass(80953)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/wiki/Releases/4.10.2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-6088",
    "datePublished": "2013-01-18T11:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7500

Vulnerability from cvelistv5

Published

2018-08-13 17:00

Modified

2024-08-05 16:04

Severity ?

7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

References

▼	URL	Tags
	https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9	x_refsource_CONFIRM
	https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

[UNKNOWN]

rpm

Version: 4.13.0.2
Version: 4.14.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "4.13.0.2"
            },
            {
              "status": "affected",
              "version": "4.14.0"
            }
          ]
        }
      ],
      "datePublic": "2017-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-13T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rpm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.13.0.2"
                          },
                          {
                            "version_value": "4.14.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
              "refsource": "CONFIRM",
              "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
            },
            {
              "name": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79",
              "refsource": "CONFIRM",
              "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7500",
    "datePublished": "2018-08-13T17:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35937

Vulnerability from cvelistv5

Published

2022-08-25 00:00

Modified

2024-08-04 00:40

Severity ?

Summary

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

▼	URL	Tags
	https://rpm.org/wiki/Releases/4.18.0
	https://bugzilla.redhat.com/show_bug.cgi?id=1964125
	https://access.redhat.com/security/cve/CVE-2021-35937
	https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf
	https://security.gentoo.org/glsa/202210-22	vendor-advisory

Impacted products

Vendor

Product

Version

▼

n/a

RPM

Version: Fixed in rpm v4.18.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rpm.org/wiki/Releases/4.18.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-35937"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
          },
          {
            "name": "GLSA-202210-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RPM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in rpm v4.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://rpm.org/wiki/Releases/4.18.0"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-35937"
        },
        {
          "url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
        },
        {
          "name": "GLSA-202210-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-22"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-35937",
    "datePublished": "2022-08-25T00:00:00",
    "dateReserved": "2021-06-29T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0060

Vulnerability from cvelistv5

Published

2012-06-04 20:00

Modified

2024-08-06 18:09

Severity ?

Summary

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-0531.html	vendor-advisory, x_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1026882	vdb-entry, x_refsource_SECTRACK
	http://rpm.org/wiki/Releases/4.9.1.3	x_refsource_CONFIRM
	http://secunia.com/advisories/48716	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/81010	vdb-entry, x_refsource_OSVDB
	https://bugzilla.redhat.com/show_bug.cgi?id=744858	x_refsource_MISC
	http://secunia.com/advisories/48651	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html	vendor-advisory, x_refsource_FEDORA
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/52865	vdb-entry, x_refsource_BID
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1695-1	vendor-advisory, x_refsource_UBUNTU
	https://hermes.opensuse.org/messages/14440932	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/49110	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74582	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html	vendor-advisory, x_refsource_FEDORA
	https://hermes.opensuse.org/messages/14441362	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "name": "MDVSA-2012:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
          },
          {
            "name": "1026882",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/wiki/Releases/4.9.1.3"
          },
          {
            "name": "48716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48716"
          },
          {
            "name": "81010",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
          },
          {
            "name": "48651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48651"
          },
          {
            "name": "RHSA-2012:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
          },
          {
            "name": "FEDORA-2012-5421",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
          },
          {
            "name": "52865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
          },
          {
            "name": "USN-1695-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1695-1"
          },
          {
            "name": "openSUSE-SU-2012:0588",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14440932"
          },
          {
            "name": "49110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49110"
          },
          {
            "name": "rpm-loadsigverify-code-execution(74582)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
          },
          {
            "name": "FEDORA-2012-5420",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
          },
          {
            "name": "FEDORA-2012-5298",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
          },
          {
            "name": "openSUSE-SU-2012:0589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14441362"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "name": "MDVSA-2012:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
        },
        {
          "name": "1026882",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/wiki/Releases/4.9.1.3"
        },
        {
          "name": "48716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48716"
        },
        {
          "name": "81010",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
        },
        {
          "name": "48651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48651"
        },
        {
          "name": "RHSA-2012:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
        },
        {
          "name": "FEDORA-2012-5421",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
        },
        {
          "name": "52865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
        },
        {
          "name": "USN-1695-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1695-1"
        },
        {
          "name": "openSUSE-SU-2012:0588",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14440932"
        },
        {
          "name": "49110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49110"
        },
        {
          "name": "rpm-loadsigverify-code-execution(74582)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
        },
        {
          "name": "FEDORA-2012-5420",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
        },
        {
          "name": "FEDORA-2012-5298",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
        },
        {
          "name": "openSUSE-SU-2012:0589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14441362"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "MDVSA-2012:056",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
            },
            {
              "name": "1026882",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026882"
            },
            {
              "name": "http://rpm.org/wiki/Releases/4.9.1.3",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/wiki/Releases/4.9.1.3"
            },
            {
              "name": "48716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48716"
            },
            {
              "name": "81010",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81010"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=744858",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
            },
            {
              "name": "48651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48651"
            },
            {
              "name": "RHSA-2012:0451",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
            },
            {
              "name": "FEDORA-2012-5421",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
            },
            {
              "name": "52865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52865"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29"
            },
            {
              "name": "USN-1695-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1695-1"
            },
            {
              "name": "openSUSE-SU-2012:0588",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14440932"
            },
            {
              "name": "49110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49110"
            },
            {
              "name": "rpm-loadsigverify-code-execution(74582)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
            },
            {
              "name": "FEDORA-2012-5420",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
            },
            {
              "name": "FEDORA-2012-5298",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
            },
            {
              "name": "openSUSE-SU-2012:0589",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14441362"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0060",
    "datePublished": "2012-06-04T20:00:00",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20266

Vulnerability from cvelistv5

Published

2021-04-30 11:22

Modified

2024-08-03 17:37

Severity ?

Summary

A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1927741	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/	x_refsource_MISC
	https://security.gentoo.org/glsa/202107-43	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

n/a

rpm

Version: rpm 4.17.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
          },
          {
            "name": "GLSA-202107-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-43"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "rpm 4.17.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T10:07:18",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
        },
        {
          "name": "GLSA-202107-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-43"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rpm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "rpm 4.17.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
              "refsource": "MISC",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
              "refsource": "MISC",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
            },
            {
              "name": "GLSA-202107-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-43"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20266",
    "datePublished": "2021-04-30T11:22:49",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:37:23.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-6435

Vulnerability from cvelistv5

Published

2014-12-16 18:00

Modified

2024-08-06 17:39

Severity ?

Summary

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056	vendor-advisory, x_refsource_MANDRIVA
	https://security.gentoo.org/glsa/201811-22	vendor-advisory, x_refsource_GENTOO
	http://advisories.mageia.org/MGASA-2014-0529.html	x_refsource_CONFIRM
	https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1975.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1039811	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/bid/71558	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2014-1974.html	vendor-advisory, x_refsource_REDHAT
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3129	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2014-1976.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "MDVSA-2015:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
          },
          {
            "name": "GLSA-201811-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
          },
          {
            "name": "RHSA-2014:1975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
          },
          {
            "name": "MDVSA-2014:251",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
          },
          {
            "name": "71558",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71558"
          },
          {
            "name": "RHSA-2014:1974",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "DSA-3129",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3129"
          },
          {
            "name": "RHSA-2014:1976",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-29T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "MDVSA-2015:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
        },
        {
          "name": "GLSA-201811-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
        },
        {
          "name": "RHSA-2014:1975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
        },
        {
          "name": "MDVSA-2014:251",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
        },
        {
          "name": "71558",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71558"
        },
        {
          "name": "RHSA-2014:1974",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "DSA-3129",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3129"
        },
        {
          "name": "RHSA-2014:1976",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6435",
    "datePublished": "2014-12-16T18:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2199

Vulnerability from cvelistv5

Published

2010-06-08 18:00

Modified

2024-08-07 02:25

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/59416	vdb-entry, x_refsource_XF
	https://bugzilla.redhat.com/show_bug.cgi?id=125517	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rpm-fsm-security-bypass(59416)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rpm-fsm-security-bypass(59416)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rpm-fsm-security-bypass(59416)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2199",
    "datePublished": "2010-06-08T18:00:00",
    "dateReserved": "2010-06-08T00:00:00",
    "dateUpdated": "2024-08-07T02:25:07.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8118

Vulnerability from cvelistv5

Published

2014-12-16 18:00

Modified

2024-08-06 13:10

Severity ?

Summary

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.

References

▼	URL	Tags
	http://www.mandriva.com/security/advisories?name=MDVSA-2015:056	vendor-advisory, x_refsource_MANDRIVA
	https://security.gentoo.org/glsa/201811-22	vendor-advisory, x_refsource_GENTOO
	http://advisories.mageia.org/MGASA-2014-0529.html	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:251	vendor-advisory, x_refsource_MANDRIVA
	http://www.debian.org/security/2015/dsa-3129	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2014-1976.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2015:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
          },
          {
            "name": "GLSA-201811-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
          },
          {
            "name": "MDVSA-2014:251",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
          },
          {
            "name": "DSA-3129",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3129"
          },
          {
            "name": "RHSA-2014:1976",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-29T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2015:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
        },
        {
          "name": "GLSA-201811-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0529.html"
        },
        {
          "name": "MDVSA-2014:251",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
        },
        {
          "name": "DSA-3129",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3129"
        },
        {
          "name": "RHSA-2014:1976",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8118",
    "datePublished": "2014-12-16T18:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2197

Vulnerability from cvelistv5

Published

2010-06-08 18:00

Modified

2024-08-07 02:25

Severity ?

Summary

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/59423	vdb-entry, x_refsource_XF
	https://bugzilla.redhat.com/show_bug.cgi?id=125517	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:06.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rpm-rpmbuild-weak-security(59423)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rpm-rpmbuild-weak-security(59423)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rpm-rpmbuild-weak-security(59423)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2197",
    "datePublished": "2010-06-08T18:00:00",
    "dateReserved": "2010-06-08T00:00:00",
    "dateUpdated": "2024-08-07T02:25:06.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2059

Vulnerability from cvelistv5

Published

2010-06-08 18:00

Modified

2024-08-07 02:17

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

References

▼	URL	Tags
	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2010-0679.html	vendor-advisory, x_refsource_REDHAT
	http://lists.vmware.com/pipermail/security-announce/2011/000126.html	mailing-list, x_refsource_MLIST
	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0606	vdb-entry, x_refsource_VUPEN
	http://www.osvdb.org/65143	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/archive/1/516909/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/40028	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=oss-security&m=127559059928131&w=2	mailing-list, x_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180	vendor-advisory, x_refsource_MANDRIVA
	http://www.openwall.com/lists/oss-security/2010/06/02/2	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=598775	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2010/06/02/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2010/06/03/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2010/06/04/1	mailing-list, x_refsource_MLIST
	http://www.vmware.com/security/advisories/VMSA-2011-0004.html	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=125517	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
          },
          {
            "name": "RHSA-2010:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
          },
          {
            "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
          },
          {
            "name": "ADV-2011-0606",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0606"
          },
          {
            "name": "65143",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/65143"
          },
          {
            "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
          },
          {
            "name": "40028",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40028"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
          },
          {
            "name": "MDVSA-2010:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
          },
          {
            "name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
          },
          {
            "name": "SUSE-SR:2010:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
          },
          {
            "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
          },
          {
            "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
        },
        {
          "name": "RHSA-2010:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
        },
        {
          "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
        },
        {
          "name": "ADV-2011-0606",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0606"
        },
        {
          "name": "65143",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/65143"
        },
        {
          "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
        },
        {
          "name": "40028",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40028"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
        },
        {
          "name": "MDVSA-2010:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
        },
        {
          "name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
        },
        {
          "name": "SUSE-SR:2010:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
        },
        {
          "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
        },
        {
          "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2059",
    "datePublished": "2010-06-08T18:00:00",
    "dateReserved": "2010-05-25T00:00:00",
    "dateUpdated": "2024-08-07T02:17:14.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3521

Vulnerability from cvelistv5

Published

2022-08-22 00:00

Modified

2024-08-03 17:01

Severity ?

Summary

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1941098
	https://access.redhat.com/security/cve/CVE-2021-3521
	https://github.com/rpm-software-management/rpm/pull/1795/
	https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8
	https://security.gentoo.org/glsa/202210-22	vendor-advisory

Impacted products

Vendor

Product

Version

▼

n/a

RPM

Version: Fixed in rpm-4.18.0-beta1, rpm-4.18.0-alpha2, rpm-4.18.0-alpha1 .

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-3521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/pull/1795/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
          },
          {
            "name": "GLSA-202210-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RPM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in rpm-4.18.0-beta1, rpm-4.18.0-alpha2, rpm-4.18.0-alpha1 ."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a flaw in RPM\u0027s signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 - Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-3521"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/pull/1795/"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
        },
        {
          "name": "GLSA-202210-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-22"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3521",
    "datePublished": "2022-08-22T00:00:00",
    "dateReserved": "2021-04-28T00:00:00",
    "dateUpdated": "2024-08-03T17:01:07.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0061

Vulnerability from cvelistv5

Published

2012-06-04 20:00

Modified

2024-08-06 18:09

Severity ?

Summary

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-0531.html	vendor-advisory, x_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:056	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1026882	vdb-entry, x_refsource_SECTRACK
	http://rpm.org/wiki/Releases/4.9.1.3	x_refsource_CONFIRM
	http://secunia.com/advisories/48716	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/81010	vdb-entry, x_refsource_OSVDB
	https://bugzilla.redhat.com/show_bug.cgi?id=798585	x_refsource_MISC
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b	x_refsource_CONFIRM
	http://secunia.com/advisories/48651	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0451.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/bid/52865	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-1695-1	vendor-advisory, x_refsource_UBUNTU
	https://hermes.opensuse.org/messages/14440932	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/49110	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/74583	vdb-entry, x_refsource_XF
	https://hermes.opensuse.org/messages/14441362	vendor-advisory, x_refsource_SUSE
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "name": "MDVSA-2012:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
          },
          {
            "name": "1026882",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/wiki/Releases/4.9.1.3"
          },
          {
            "name": "48716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48716"
          },
          {
            "name": "81010",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81010"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
          },
          {
            "name": "48651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48651"
          },
          {
            "name": "RHSA-2012:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
          },
          {
            "name": "FEDORA-2012-5421",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
          },
          {
            "name": "52865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52865"
          },
          {
            "name": "USN-1695-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1695-1"
          },
          {
            "name": "openSUSE-SU-2012:0588",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14440932"
          },
          {
            "name": "49110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49110"
          },
          {
            "name": "FEDORA-2012-5420",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
          },
          {
            "name": "FEDORA-2012-5298",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
          },
          {
            "name": "rpm-headerload-code-execution(74583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
          },
          {
            "name": "openSUSE-SU-2012:0589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14441362"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "name": "MDVSA-2012:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
        },
        {
          "name": "1026882",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/wiki/Releases/4.9.1.3"
        },
        {
          "name": "48716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48716"
        },
        {
          "name": "81010",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81010"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
        },
        {
          "name": "48651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48651"
        },
        {
          "name": "RHSA-2012:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
        },
        {
          "name": "FEDORA-2012-5421",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
        },
        {
          "name": "52865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52865"
        },
        {
          "name": "USN-1695-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1695-1"
        },
        {
          "name": "openSUSE-SU-2012:0588",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14440932"
        },
        {
          "name": "49110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49110"
        },
        {
          "name": "FEDORA-2012-5420",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
        },
        {
          "name": "FEDORA-2012-5298",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
        },
        {
          "name": "rpm-headerload-code-execution(74583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
        },
        {
          "name": "openSUSE-SU-2012:0589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14441362"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "MDVSA-2012:056",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
            },
            {
              "name": "1026882",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026882"
            },
            {
              "name": "http://rpm.org/wiki/Releases/4.9.1.3",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/wiki/Releases/4.9.1.3"
            },
            {
              "name": "48716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48716"
            },
            {
              "name": "81010",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81010"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=798585",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b"
            },
            {
              "name": "48651",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48651"
            },
            {
              "name": "RHSA-2012:0451",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
            },
            {
              "name": "FEDORA-2012-5421",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
            },
            {
              "name": "52865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52865"
            },
            {
              "name": "USN-1695-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1695-1"
            },
            {
              "name": "openSUSE-SU-2012:0588",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14440932"
            },
            {
              "name": "49110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49110"
            },
            {
              "name": "FEDORA-2012-5420",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
            },
            {
              "name": "FEDORA-2012-5298",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
            },
            {
              "name": "rpm-headerload-code-execution(74583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
            },
            {
              "name": "openSUSE-SU-2012:0589",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14441362"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0061",
    "datePublished": "2012-06-04T20:00:00",
    "dateReserved": "2011-12-07T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2198

Vulnerability from cvelistv5

Published

2010-06-08 18:00

Modified

2024-09-16 23:01

Severity ?

Summary

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

References

▼	URL	Tags
	http://secunia.com/advisories/40028	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=oss-security&m=127559059928131&w=2	mailing-list, x_refsource_MLIST
	http://www.osvdb.org/65144	vdb-entry, x_refsource_OSVDB
	http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=598775	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2010/06/02/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2010/06/03/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2010/06/04/1	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40028",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40028"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
          },
          {
            "name": "65144",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/65144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
          },
          {
            "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
          },
          {
            "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-08T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40028",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40028"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
        },
        {
          "name": "65144",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/65144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
        },
        {
          "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
        },
        {
          "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40028",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40028"
            },
            {
              "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
            },
            {
              "name": "65144",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/65144"
            },
            {
              "name": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230",
              "refsource": "CONFIRM",
              "url": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
            },
            {
              "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
            },
            {
              "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
            },
            {
              "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2198",
    "datePublished": "2010-06-08T18:00:00Z",
    "dateReserved": "2010-06-08T00:00:00Z",
    "dateUpdated": "2024-09-16T23:01:58.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3421

Vulnerability from cvelistv5

Published

2021-05-19 13:40

Modified

2024-08-03 16:53

Severity ?

Summary

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.

References

▼	URL	Tags
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=1927747	x_refsource_MISC
	https://security.gentoo.org/glsa/202107-43	vendor-advisory, x_refsource_GENTOO

Impacted products

Vendor

Product

Version

▼

n/a

rpm

Version: rpm 4.17.0-alpha

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2021-2383d950fd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
          },
          {
            "name": "FEDORA-2021-8d52a8a999",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
          },
          {
            "name": "FEDORA-2021-662680e477",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
          },
          {
            "name": "GLSA-202107-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-43"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "rpm 4.17.0-alpha"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T10:07:20",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2021-2383d950fd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
        },
        {
          "name": "FEDORA-2021-8d52a8a999",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
        },
        {
          "name": "FEDORA-2021-662680e477",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
        },
        {
          "name": "GLSA-202107-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-43"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3421",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rpm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "rpm 4.17.0-alpha"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2021-2383d950fd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
            },
            {
              "name": "FEDORA-2021-8d52a8a999",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
            },
            {
              "name": "FEDORA-2021-662680e477",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
            },
            {
              "name": "GLSA-202107-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-43"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3421",
    "datePublished": "2021-05-19T13:40:58",
    "dateReserved": "2021-03-03T00:00:00",
    "dateUpdated": "2024-08-03T16:53:17.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20271

Vulnerability from cvelistv5

Published

2021-03-26 00:00

Modified

2024-08-03 17:37

Severity ?

Summary

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1934125
	https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/	vendor-advisory
	https://security.gentoo.org/glsa/202107-43	vendor-advisory
	https://www.starwindsoftware.com/security/sw-20220805-0002/

Impacted products

Vendor

Product

Version

▼

n/a

rpm

Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
          },
          {
            "name": "FEDORA-2021-2383d950fd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
          },
          {
            "name": "FEDORA-2021-8d52a8a999",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
          },
          {
            "name": "FEDORA-2021-662680e477",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
          },
          {
            "name": "GLSA-202107-43",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
        },
        {
          "name": "FEDORA-2021-2383d950fd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
        },
        {
          "name": "FEDORA-2021-8d52a8a999",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
        },
        {
          "name": "FEDORA-2021-662680e477",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
        },
        {
          "name": "GLSA-202107-43",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-43"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20271",
    "datePublished": "2021-03-26T00:00:00",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:37:23.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3378

Vulnerability from cvelistv5

Published

2011-12-24 19:00

Modified

2024-08-06 23:29

Severity ?

Summary

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=741612	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=741606	x_refsource_CONFIRM
	http://rpm.org/wiki/Releases/4.9.1.2#Security	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:143	vendor-advisory, x_refsource_MANDRIVA
	http://www.openwall.com/lists/oss-security/2011/09/27/3	mailing-list, x_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2011-1349.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1695-1	vendor-advisory, x_refsource_UBUNTU
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691	x_refsource_CONFIRM
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f	x_refsource_CONFIRM
	http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
          },
          {
            "name": "MDVSA-2011:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
          },
          {
            "name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
          },
          {
            "name": "RHSA-2011:1349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
          },
          {
            "name": "SUSE-SU-2011:1140",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2011:1203",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
          },
          {
            "name": "USN-1695-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1695-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
        },
        {
          "name": "MDVSA-2011:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
        },
        {
          "name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
        },
        {
          "name": "RHSA-2011:1349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
        },
        {
          "name": "SUSE-SU-2011:1140",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2011:1203",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
        },
        {
          "name": "USN-1695-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1695-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3378",
    "datePublished": "2011-12-24T19:00:00",
    "dateReserved": "2011-08-30T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7501

Vulnerability from cvelistv5

Published

2017-11-22 22:00

Modified

2024-09-17 00:02

Severity ?

Summary

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201811-22	vendor-advisory, x_refsource_GENTOO
	https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc	x_refsource_MISC
	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

Red Hat, Inc.

rpm

Version: before 4.13.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201811-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-22"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "before 4.13.0.2"
            }
          ]
        }
      ],
      "datePublic": "2017-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:06:43",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201811-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-22"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-05-18T00:00:00",
          "ID": "CVE-2017-7501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rpm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 4.13.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201811-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-22"
            },
            {
              "name": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
              "refsource": "MISC",
              "url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7501",
    "datePublished": "2017-11-22T22:00:00Z",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-09-17T00:02:20.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-4889

Vulnerability from cvelistv5

Published

2010-06-08 18:00

Modified

2024-08-08 00:01

Severity ?

Summary

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

References

▼	URL	Tags
	http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:180	vendor-advisory, x_refsource_MANDRIVA
	https://bugzilla.redhat.com/show_bug.cgi?id=598775	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/59426	vdb-entry, x_refsource_XF
	https://bugzilla.redhat.com/show_bug.cgi?id=125517	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
          },
          {
            "name": "MDVSA-2010:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
          },
          {
            "name": "rpm-setgid-privilege-escalation(59426)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
        },
        {
          "name": "MDVSA-2010:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
        },
        {
          "name": "rpm-setgid-privilege-escalation(59426)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4889",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
            },
            {
              "name": "MDVSA-2010:180",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
            },
            {
              "name": "rpm-setgid-privilege-escalation(59426)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4889",
    "datePublished": "2010-06-08T18:00:00",
    "dateReserved": "2010-06-08T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35939

Vulnerability from cvelistv5

Published

2022-08-26 00:00

Modified

2024-08-04 00:40

Severity ?

Summary

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

▼	URL	Tags
	https://rpm.org/wiki/Releases/4.18.0
	https://github.com/rpm-software-management/rpm/pull/1919
	https://bugzilla.redhat.com/show_bug.cgi?id=1964129
	https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
	https://access.redhat.com/security/cve/CVE-2021-35939
	https://security.gentoo.org/glsa/202210-22	vendor-advisory

Impacted products

Vendor

Product

Version

▼

n/a

RPM

Version: Fixed in RPM-v4.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rpm.org/wiki/Releases/4.18.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/pull/1919"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-35939"
          },
          {
            "name": "GLSA-202210-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RPM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in RPM-v4.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://rpm.org/wiki/Releases/4.18.0"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/pull/1919"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-35939"
        },
        {
          "name": "GLSA-202210-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-22"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-35939",
    "datePublished": "2022-08-26T00:00:00",
    "dateReserved": "2021-06-29T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-35938

Vulnerability from cvelistv5

Published

2022-08-25 00:00

Modified

2024-08-04 00:40

Severity ?

Summary

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1964114
	https://bugzilla.suse.com/show_bug.cgi?id=1157880
	https://access.redhat.com/security/cve/CVE-2021-35938
	https://rpm.org/wiki/Releases/4.18.0
	https://github.com/rpm-software-management/rpm/pull/1919
	https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033
	https://security.gentoo.org/glsa/202210-22	vendor-advisory

Impacted products

Vendor

Product

Version

▼

n/a

RPM

Version: Fixed in rpm v4.18.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-35938"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rpm.org/wiki/Releases/4.18.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/pull/1919"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
          },
          {
            "name": "GLSA-202210-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RPM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in rpm v4.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-35938"
        },
        {
          "url": "https://rpm.org/wiki/Releases/4.18.0"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/pull/1919"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
        },
        {
          "name": "GLSA-202210-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-22"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-35938",
    "datePublished": "2022-08-25T00:00:00",
    "dateReserved": "2021-06-29T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to rpm - rpm

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5