Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities by rpm
CVE-2024-1929 (GCVE-0-2024-1929)
Vulnerability from cvelistv5 – Published: 2024-05-08 01:53 – Updated: 2024-09-17 21:32
VLAI
Title
Local Root Exploit via Configuration Dictionary
Summary
Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.
There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.
Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fedora | dnf5daemon-server |
Affected:
5.1.16<=
|
|
| fedora | dnf5daemon-server |
Affected:
0 , ≤ 5.1.16
(custom)
cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:* |
|
| fedora | dnf5daemon-server |
Affected:
pkg:github/rpm-software-management/dnf5@0 , < pkg:github/rpm-software-management/dnf5@5.1.16
(custom)
cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnf5daemon-server",
"vendor": "fedora",
"versions": [
{
"lessThanOrEqual": "5.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fedora:dnf5daemon-server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dnf5daemon-server",
"vendor": "fedora",
"versions": [
{
"lessThan": "pkg:github/rpm-software-management/dnf5@5.1.16",
"status": "affected",
"version": "pkg:github/rpm-software-management/dnf5@0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1929",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T15:00:01.200516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T21:32:39.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/03/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "dnf5daemon-server",
"platforms": [
"Linux"
],
"product": "dnf5daemon-server",
"vendor": "Fedora",
"versions": [
{
"status": "affected",
"version": "5.1.16\u003c="
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u0026nbsp;before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\u003cbr\u003e\u003cbr\u003eThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \"config\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u0026nbsp;\u003cbr\u003e\u003cbr\u003ePractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \"config\" map, which is untrusted data.\u0026nbsp;It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Local Root Exploit via Configuration Dictionary in dnf5daemon-server\u00a0before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.\n\nThere are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the \"config\" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration.\u00a0\n\nPractically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this \"config\" map, which is untrusted data.\u00a0It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.\u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-08T01:53:34.726Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/03/04/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Root Exploit via Configuration Dictionary ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-1929",
"datePublished": "2024-05-08T01:53:34.726Z",
"dateReserved": "2024-02-27T12:44:44.092Z",
"dateUpdated": "2024-09-17T21:32:39.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35939 (GCVE-0-2021-35939)
Vulnerability from cvelistv5 – Published: 2022-08-26 00:00 – Updated: 2024-08-04 00:40
VLAI
Summary
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity
No CVSS data available.
CWE
- CWE-59 - - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-35939"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in RPM-v4.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-35939"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-35939",
"datePublished": "2022-08-26T00:00:00.000Z",
"dateReserved": "2021-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:40:47.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35937 (GCVE-0-2021-35937)
Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-04 00:40
VLAI
Summary
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity
No CVSS data available.
CWE
- CWE-59 - - Improper Link Resolution Before File Access ('Link Following'), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-35937"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in rpm v4.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964125"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-35937"
},
{
"url": "https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-35937",
"datePublished": "2022-08-25T00:00:00.000Z",
"dateReserved": "2021-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:40:47.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35938 (GCVE-0-2021-35938)
Vulnerability from cvelistv5 – Published: 2022-08-25 00:00 – Updated: 2024-08-04 00:40
VLAI
Summary
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity
No CVSS data available.
CWE
- CWE-59 - - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:47.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-35938"
},
{
"tags": [
"x_transferred"
],
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in rpm v4.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 - Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964114"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157880"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-35938"
},
{
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-35938",
"datePublished": "2022-08-25T00:00:00.000Z",
"dateReserved": "2021-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:40:47.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3521 (GCVE-0-2021-3521)
Vulnerability from cvelistv5 – Published: 2022-08-22 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.
Severity
No CVSS data available.
CWE
- CWE-347 - - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3521"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/pull/1795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RPM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in rpm-4.18.0-beta1, rpm-4.18.0-alpha2, rpm-4.18.0-alpha1 ."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in RPM\u0027s signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 - Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3521"
},
{
"url": "https://github.com/rpm-software-management/rpm/pull/1795/"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8"
},
{
"name": "GLSA-202210-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3521",
"datePublished": "2022-08-22T00:00:00.000Z",
"dateReserved": "2021-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3445 (GCVE-0-2021-3445)
Vulnerability from cvelistv5 – Published: 2021-05-19 13:44 – Updated: 2024-08-03 16:53
VLAI
Summary
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1932079 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-eadfc56b95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"
},
{
"name": "FEDORA-2021-c6802f0b69",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libdnf",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libdnf 0.60.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libdnf\u0027s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-19T13:44:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-eadfc56b95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"
},
{
"name": "FEDORA-2021-c6802f0b69",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libdnf",
"version": {
"version_data": [
{
"version_value": "libdnf 0.60.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libdnf\u0027s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-eadfc56b95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"
},
{
"name": "FEDORA-2021-c6802f0b69",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932079",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3445",
"datePublished": "2021-05-19T13:44:23.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3421 (GCVE-0-2021-3421)
Vulnerability from cvelistv5 – Published: 2021-05-19 13:40 – Updated: 2024-08-03 16:53
VLAI
Summary
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1927747 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202107-43 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-2383d950fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "FEDORA-2021-8d52a8a999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "FEDORA-2021-662680e477",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "rpm 4.17.0-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:07:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2021-2383d950fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "FEDORA-2021-8d52a8a999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "FEDORA-2021-662680e477",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "rpm 4.17.0-alpha"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-2383d950fd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "FEDORA-2021-8d52a8a999",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "FEDORA-2021-662680e477",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927747"
},
{
"name": "GLSA-202107-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3421",
"datePublished": "2021-05-19T13:40:58.000Z",
"dateReserved": "2021-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20266 (GCVE-0-2021-20266)
Vulnerability from cvelistv5 – Published: 2021-04-30 11:22 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1927741 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202107-43 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "rpm 4.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:07:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "rpm 4.17.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20266",
"datePublished": "2021-04-30T11:22:49.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20271 (GCVE-0-2021-20271)
Vulnerability from cvelistv5 – Published: 2021-03-26 00:00 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
},
{
"name": "FEDORA-2021-2383d950fd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "FEDORA-2021-8d52a8a999",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "FEDORA-2021-662680e477",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-43"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
},
{
"name": "FEDORA-2021-2383d950fd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "FEDORA-2021-8d52a8a999",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "FEDORA-2021-662680e477",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202107-43"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20271",
"datePublished": "2021-03-26T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3817 (GCVE-0-2019-3817)
Vulnerability from cvelistv5 – Published: 2019-03-27 12:25 – Updated: 2024-08-04 19:19
VLAI
Summary
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
Severity
7.5 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/rpm-software-management/libcom… | x_refsource_CONFIRM |
| https://github.com/rpm-software-management/libcom… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:3583 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:3898 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/libcomps/issues/41"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046"
},
{
"name": "RHSA-2019:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3583"
},
{
"name": "RHSA-2019:3898",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libcomps",
"vendor": "libcomps",
"versions": [
{
"status": "affected",
"version": "0.1.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T16:07:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/libcomps/issues/41"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046"
},
{
"name": "RHSA-2019:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3583"
},
{
"name": "RHSA-2019:3898",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libcomps",
"version": {
"version_data": [
{
"version_value": "0.1.10"
}
]
}
}
]
},
"vendor_name": "libcomps"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3817"
},
{
"name": "https://github.com/rpm-software-management/libcomps/issues/41",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/libcomps/issues/41"
},
{
"name": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046"
},
{
"name": "RHSA-2019:3583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3583"
},
{
"name": "RHSA-2019:3898",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3817",
"datePublished": "2019-03-27T12:25:40.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7500 (GCVE-0-2017-7500)
Vulnerability from cvelistv5 – Published: 2018-08-13 17:00 – Updated: 2024-08-05 16:04
VLAI
Summary
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.
Severity
7.3 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rpm-software-management/rpm/co… | x_refsource_CONFIRM |
| https://github.com/rpm-software-management/rpm/co… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
Date Public
2017-07-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "4.13.0.2"
},
{
"status": "affected",
"version": "4.14.0"
}
]
}
],
"datePublic": "2017-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "4.13.0.2"
},
{
"version_value": "4.14.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
},
{
"name": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7500",
"datePublished": "2018-08-13T17:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10897 (GCVE-0-2018-10897)
Vulnerability from cvelistv5 – Published: 2018-08-01 17:00 – Updated: 2024-08-05 07:54
VLAI
Summary
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
Severity
8.8 (High)
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041594 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:2285 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2284 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/rpm-software-management/yum-ut… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2626 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/rpm-software-management/yum-ut… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://help.ecostruxureit.com/display/public/UAD… | x_refsource_CONFIRM |
| https://github.com/rpm-software-management/yum-ut… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The RPM Project | yum-utils: |
Affected:
1.1.31
|
Date Public
2018-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:34.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041594",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041594"
},
{
"name": "RHSA-2018:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2285"
},
{
"name": "RHSA-2018:2284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
},
{
"name": "RHSA-2018:2626",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/yum-utils/pull/43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yum-utils:",
"vendor": "The RPM Project",
"versions": [
{
"status": "affected",
"version": "1.1.31"
}
]
}
],
"datePublic": "2018-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1041594",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041594"
},
{
"name": "RHSA-2018:2285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2285"
},
{
"name": "RHSA-2018:2284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
},
{
"name": "RHSA-2018:2626",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rpm-software-management/yum-utils/pull/43"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10897",
"datePublished": "2018-08-01T17:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:34.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7501 (GCVE-0-2017-7501)
Vulnerability from cvelistv5 – Published: 2017-11-22 22:00 – Updated: 2024-09-17 00:02
VLAI
Summary
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201811-22 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/rpm-software-management/rpm/co… | x_refsource_MISC |
| https://lists.apache.org/thread.html/rf4c02775860… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r58af02e294b… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | rpm |
Affected:
before 4.13.0.2
|
Date Public
2017-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 4.13.0.2"
}
]
}
],
"datePublic": "2017-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-05-18T00:00:00",
"ID": "CVE-2017-7501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "before 4.13.0.2"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"name": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
"refsource": "MISC",
"url": "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7501",
"datePublished": "2017-11-22T22:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:20.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6435 (GCVE-0-2013-6435)
Vulnerability from cvelistv5 – Published: 2014-12-16 18:00 – Updated: 2024-08-06 17:39
VLAI
Summary
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2014-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2015:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
},
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
},
{
"name": "RHSA-2014:1975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
},
{
"name": "MDVSA-2014:251",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
},
{
"name": "71558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71558"
},
{
"name": "RHSA-2014:1974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-3129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3129"
},
{
"name": "RHSA-2014:1976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-29T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "MDVSA-2015:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
},
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
},
{
"name": "RHSA-2014:1975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
},
{
"name": "MDVSA-2014:251",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
},
{
"name": "71558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71558"
},
{
"name": "RHSA-2014:1974",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "DSA-3129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3129"
},
{
"name": "RHSA-2014:1976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6435",
"datePublished": "2014-12-16T18:00:00.000Z",
"dateReserved": "2013-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:39:01.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8118 (GCVE-0-2014-8118)
Vulnerability from cvelistv5 – Published: 2014-12-16 18:00 – Updated: 2024-08-06 13:10
VLAI
Summary
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://security.gentoo.org/glsa/201811-22 | vendor-advisoryx_refsource_GENTOO |
| http://advisories.mageia.org/MGASA-2014-0529.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2015/dsa-3129 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2014-1976.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2014-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
},
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
},
{
"name": "MDVSA-2014:251",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
},
{
"name": "DSA-3129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3129"
},
{
"name": "RHSA-2014:1976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-29T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2015:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
},
{
"name": "GLSA-201811-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
},
{
"name": "MDVSA-2014:251",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
},
{
"name": "DSA-3129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3129"
},
{
"name": "RHSA-2014:1976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8118",
"datePublished": "2014-12-16T18:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6088 (GCVE-0-2012-6088)
Vulnerability from cvelistv5 – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:21
VLAI
Summary
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=796375 | x_refsource_MISC |
| http://www.securityfocus.com/bid/57138 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/51706 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2013/01/03/9 | mailing-listx_refsource_MLIST |
| http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3B… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1694-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://rpm.org/wiki/Releases/4.10.2 | x_refsource_CONFIRM |
Date Public
2012-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
},
{
"name": "57138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57138"
},
{
"name": "51706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51706"
},
{
"name": "[oss-security] 20130103 Re: CVE Request -- rpm (X \u003e= 4.10 and X \u003c 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
},
{
"name": "USN-1694-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1694-1"
},
{
"name": "rpm-security-bypass(80953)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/wiki/Releases/4.10.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
},
{
"name": "57138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57138"
},
{
"name": "51706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51706"
},
{
"name": "[oss-security] 20130103 Re: CVE Request -- rpm (X \u003e= 4.10 and X \u003c 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=3d74c43"
},
{
"name": "USN-1694-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1694-1"
},
{
"name": "rpm-security-bypass(80953)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/wiki/Releases/4.10.2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6088",
"datePublished": "2013-01-18T11:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:28.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0061 (GCVE-0-2012-0061)
Vulnerability from cvelistv5 – Published: 2012-06-04 20:00 – Updated: 2024-08-06 18:09
VLAI
Summary
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2012-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81010"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "rpm-headerload-code-execution(74583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81010"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "rpm-headerload-code-execution(74583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026882"
},
{
"name": "http://rpm.org/wiki/Releases/4.9.1.3",
"refsource": "CONFIRM",
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=798585",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798585"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "USN-1695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "rpm-headerload-code-execution(74583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74583"
},
{
"name": "openSUSE-SU-2012:0589",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0061",
"datePublished": "2012-06-04T20:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:17.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0060 (GCVE-0-2012-0060)
Vulnerability from cvelistv5 – Published: 2012-06-04 20:00 – Updated: 2024-08-06 18:09
VLAI
Summary
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2012-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81010"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "rpm-loadsigverify-code-execution(74582)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14441362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81010"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "rpm-loadsigverify-code-execution(74582)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14441362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026882"
},
{
"name": "http://rpm.org/wiki/Releases/4.9.1.3",
"refsource": "CONFIRM",
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48716"
},
{
"name": "81010",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=744858",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744858"
},
{
"name": "48651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190"
},
{
"name": "52865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29"
},
{
"name": "USN-1695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49110"
},
{
"name": "rpm-loadsigverify-code-execution(74582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582"
},
{
"name": "FEDORA-2012-5420",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14441362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0060",
"datePublished": "2012-06-04T20:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:17.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0815 (GCVE-0-2012-0815)
Vulnerability from cvelistv5 – Published: 2012-06-04 20:00 – Updated: 2024-08-06 18:38
VLAI
Summary
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2012-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "rpm-headerverifyinfo-code-execution(74581)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"name": "81009",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "rpm-headerverifyinfo-code-execution(74581)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"name": "81009",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2012:0531",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "MDVSA-2012:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056"
},
{
"name": "1026882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026882"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=744104",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=744104"
},
{
"name": "http://rpm.org/wiki/Releases/4.9.1.3",
"refsource": "CONFIRM",
"url": "http://rpm.org/wiki/Releases/4.9.1.3"
},
{
"name": "48716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48716"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b"
},
{
"name": "48651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48651"
},
{
"name": "RHSA-2012:0451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0451.html"
},
{
"name": "FEDORA-2012-5421",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html"
},
{
"name": "52865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52865"
},
{
"name": "rpm-headerverifyinfo-code-execution(74581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74581"
},
{
"name": "USN-1695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"name": "openSUSE-SU-2012:0588",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14440932"
},
{
"name": "49110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49110"
},
{
"name": "FEDORA-2012-5420",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html"
},
{
"name": "FEDORA-2012-5298",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html"
},
{
"name": "openSUSE-SU-2012:0589",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14441362"
},
{
"name": "81009",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81009"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0815",
"datePublished": "2012-06-04T20:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3378 (GCVE-0-2011-3378)
Vulnerability from cvelistv5 – Published: 2011-12-24 19:00 – Updated: 2024-08-06 23:29
VLAI
Summary
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=741612 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=741606 | x_refsource_CONFIRM |
| http://rpm.org/wiki/Releases/4.9.1.2#Security | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.openwall.com/lists/oss-security/2011/09/27/3 | mailing-listx_refsource_MLIST |
| http://www.redhat.com/support/errata/RHSA-2011-13… | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-1695-1 | vendor-advisoryx_refsource_UBUNTU |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3B… | x_refsource_CONFIRM |
| http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3B… | x_refsource_CONFIRM |
Date Public
2011-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
},
{
"name": "MDVSA-2011:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
},
{
"name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
},
{
"name": "RHSA-2011:1349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
},
{
"name": "SUSE-SU-2011:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
},
{
"name": "openSUSE-SU-2011:1203",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/wiki/Releases/4.9.1.2#Security"
},
{
"name": "MDVSA-2011:143",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143"
},
{
"name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/27/3"
},
{
"name": "RHSA-2011:1349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html"
},
{
"name": "SUSE-SU-2011:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html"
},
{
"name": "openSUSE-SU-2011:1203",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html"
},
{
"name": "USN-1695-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1695-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3378",
"datePublished": "2011-12-24T19:00:00.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2199 (GCVE-0-2010-2199)
Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-08-07 02:25
VLAI
Summary
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=125517 | x_refsource_CONFIRM |
Date Public
2010-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rpm-fsm-security-bypass(59416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rpm-fsm-security-bypass(59416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rpm-fsm-security-bypass(59416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2199",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:25:07.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4889 (GCVE-0-2005-4889)
Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-08-08 00:01
VLAI
Summary
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://bugzilla.redhat.com/show_bug.cgi?id=598775 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=125517 | x_refsource_CONFIRM |
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "MDVSA-2010:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "rpm-setgid-privilege-escalation(59426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "MDVSA-2010:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "rpm-setgid-privilege-escalation(59426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
"refsource": "CONFIRM",
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "MDVSA-2010:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "rpm-setgid-privilege-escalation(59426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4889",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2198 (GCVE-0-2010-2198)
Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-09-16 23:01
VLAI
Summary
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/40028 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=oss-security&m=127559059928131&w=2 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/65144 | vdb-entryx_refsource_OSVDB |
| http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=598775 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2010/06/02/3 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2010/06/03/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2010/06/04/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
},
{
"name": "65144",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-08T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
},
{
"name": "65144",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
},
{
"name": "65144",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65144"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2198",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:58.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2197 (GCVE-0-2010-2197)
Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-08-07 02:25
VLAI
Summary
rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=125517 | x_refsource_CONFIRM |
Date Public
2010-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rpm-rpmbuild-weak-security(59423)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rpm-rpmbuild-weak-security(59423)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rpm-rpmbuild-weak-security(59423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59423"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2197",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:25:06.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2059 (GCVE-0-2010-2059)
Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-08-07 02:17
VLAI
Summary
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "RHSA-2010:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "65143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65143"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "40028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
},
{
"name": "MDVSA-2010:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "RHSA-2010:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "65143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65143"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "40028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
},
{
"name": "MDVSA-2010:180",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
},
{
"name": "SUSE-SR:2010:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2059",
"datePublished": "2010-06-08T18:00:00.000Z",
"dateReserved": "2010-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:14.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5466 (GCVE-0-2006-5466)
Vulnerability from cvelistv5 – Published: 2006-11-06 17:00 – Updated: 2024-08-07 19:48
VLAI
Summary
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200611-08.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/22740 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/22854 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/usn-378-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi… | x_refsource_MISC |
| http://securitytracker.com/id?1017160 | vdb-entryx_refsource_SECTRACK |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/bid/20906 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22745 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/22768 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4350 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-08.xml"
},
{
"name": "22740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22740"
},
{
"name": "22854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22854"
},
{
"name": "USN-378-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-378-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833"
},
{
"name": "1017160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017160"
},
{
"name": "MDKSA-2006:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:200"
},
{
"name": "20906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20906"
},
{
"name": "22745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22745"
},
{
"name": "22768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22768"
},
{
"name": "ADV-2006-4350",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-15T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-200611-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-08.xml"
},
{
"name": "22740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22740"
},
{
"name": "22854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22854"
},
{
"name": "USN-378-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-378-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212833"
},
{
"name": "1017160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017160"
},
{
"name": "MDKSA-2006:200",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:200"
},
{
"name": "20906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20906"
},
{
"name": "22745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22745"
},
{
"name": "22768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22768"
},
{
"name": "ADV-2006-4350",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4350"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5466",
"datePublished": "2006-11-06T17:00:00.000Z",
"dateReserved": "2006-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:48:30.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}