Jan 18, 2013 - 11:48 a.m.

CVE-2012-6088

2013-01-18 11:48:00
CWE-255
web.nvd.nist.gov
cve-2012-6088
rpm
signature bypass
remote attackers
vulnerability
security
nvd

AI Score: 6.6 Medium (Confidence: Low)

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.006 Low (Percentile: 79.2%)

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an “unparseable signature,” which allows remote attackers to bypass RPM signature checks via a crafted package.

CPE      Name  Operator  Version
rpm:rpm  rpm   eq        4.10.0
rpm:rpm  rpm   eq        4.10.1
