ID CENTOS_RHSA-2014-1974.NASL Type nessus Reporter Tenable Modified 2016-04-28T00:00:00
Description
Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.
It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file had been written completely.
Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
(CVE-2013-6435)
This issue was discovered by Florian Weimer of Red Hat Product Security.
All rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1974 and
# CentOS Errata and Security Advisory 2014:1974 respectively.
#
include("compat.inc");
# Registration branch: entered only when `description` is set. It records the
# plugin's metadata and then calls exit(0), so none of the package checks
# further down run in this pass.
if (description)
{
# Plugin identity and revision markers.
script_id(79843);
script_version("$Revision: 1.5 $");
script_cvs_date("$Date: 2016/04/28 18:05:38 $");
# Cross-references that tie this plugin to the vulnerability and the advisory.
script_cve_id("CVE-2013-6435");
script_bugtraq_id(71558);
script_osvdb_id(115601);
script_xref(name:"RHSA", value:"2014:1974");
script_name(english:"CentOS 5 / 6 : rpm (CESA-2014:1974)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
# Advisory text as shown in scan results. Its last sentence matters for
# remediation: applications linked against the RPM library must be restarted
# after the packages are updated.
script_set_attribute(
attribute:"description",
value:
"Updated rpm packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The RPM Package Manager (RPM) is a powerful command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating software packages. Each software
package consists of an archive of files along with information about
the package such as its version, description, and other information.
It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic
signature only after the temporary file has been written completely.
Under certain conditions, the system interprets the unverified
temporary file contents and extracts commands from it. This could
allow an attacker to modify signed RPM files in such a way that they
would execute code chosen by the attacker during package installation.
(CVE-2013-6435)
This issue was discovered by Florian Weimer of Red Hat Product
Security.
All rpm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running
applications linked against the RPM library must be restarted for this
update to take effect."
);
# The two see_also values are shortened links; the comment above each one
# gives the centos-announce URL it stands for.
# http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2363ab05"
);
# http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2596a74c"
);
script_set_attribute(attribute:"solution", value:"Update the affected rpm packages.");
# CVSS v2 base vector: network access vector, high access complexity, no
# authentication, complete confidentiality / integrity / availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: exploitability not defined, official fix available,
# report confidence confirmed.
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
# NOTE(review): the two exploit attributes are point-in-time values fixed when
# this file was last revised (2016/04/28 per script_cvs_date); re-validate them
# against current advisories before using them for prioritisation.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the result is derived from data collected on the host
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Packages and OS releases this plugin is tagged with.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:popt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-apidocs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-cron");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rpm-python");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/10");
script_end_attributes();
# Information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.");
script_family(english:"CentOS Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and names the KB keys that must
# exist for the plugin to run.
# NOTE(review): presumably ssh_get_info.nasl fills these keys during a
# credentialed scan, so an uncredentialed scan yields no result from this
# plugin - confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
# Stop here: the registration pass must not fall through into the checks.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Pre-flight gates. Each one hands a reason code to audit() when the KB entry
# it needs is missing.
# NOTE(review): audit() comes from audit.inc and presumably ends the plugin -
# confirm there. A host stopped by one of these gates was not assessed, which
# is not the same as "not affected".
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release"))
  audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: the checks only proceed when the recorded CPU string
# contains "x86_64" or matches i386..i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Package builds named by the advisory, per release. They are checked in the
# listed order; flag counts how many rpm_check() calls returned true.
# NOTE(review): rpm_check() lives in rpm.inc; presumably it reports a package
# whose installed build is older than the reference - confirm there.
# This is a package-version check only. The advisory text also requires that
# running applications linked against the RPM library be restarted; nothing
# here verifies that, so a clean result does not prove the restart happened.
centos5_fixed = make_list(
  "popt-1.10.2.3-36.el5_11",
  "rpm-4.4.2.3-36.el5_11",
  "rpm-apidocs-4.4.2.3-36.el5_11",
  "rpm-build-4.4.2.3-36.el5_11",
  "rpm-devel-4.4.2.3-36.el5_11",
  "rpm-libs-4.4.2.3-36.el5_11",
  "rpm-python-4.4.2.3-36.el5_11"
);
centos6_fixed = make_list(
  "rpm-4.8.0-38.el6_6",
  "rpm-apidocs-4.8.0-38.el6_6",
  "rpm-build-4.8.0-38.el6_6",
  "rpm-cron-4.8.0-38.el6_6",
  "rpm-devel-4.8.0-38.el6_6",
  "rpm-libs-4.8.0-38.el6_6",
  "rpm-python-4.8.0-38.el6_6"
);

flag = 0;
foreach pkg_ref (centos5_fixed)
{
  if (rpm_check(release:"CentOS-5", reference:pkg_ref)) flag++;
}
foreach pkg_ref (centos6_fixed)
{
  if (rpm_check(release:"CentOS-6", reference:pkg_ref)) flag++;
}

# Verdict: no hit is audited as "not affected"; any hit raises a
# security_hole finding on port 0, with the rpm report attached when
# report_verbosity is above 0.
if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}
{"hash": "3b5d29ac9dd8be986f20fe68fc2aeb2c6da63272e6f40f842929358f09fea55a", "naslFamily": "CentOS Local Security Checks", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2017-10-29T13:40:22", "viewCount": 2, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "30a76c185edebaa4073faa21dec27324", "key": "sourceData"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "nessus", "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
All running applications linked against the RPM library must be restarted for this update to take effect.", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "history": [{"bulletin": {"hash": "ff1fa88397c477a3037ec1ba8b5840bc1c197a29ac58266b30d7130186054ab9", "naslFamily": "CentOS Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:25:14", "enchantments": {}, "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "30a76c185edebaa4073faa21dec27324", "key": "sourceData"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "CENTOS_RHSA-2014-1974.NASL", "type": "nessus", "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
All running applications linked against the RPM library must be restarted for this update to take effect.", "viewCount": 1, "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2013-6435"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:05:38 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_osvdb_id(115601);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. 
Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", 
reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2014-12-10T00:00:00", "pluginID": "79843", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "modified": "2016-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843"}, "lastseen": "2016-09-26T17:25:14", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2013-6435"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 
2016/04/28 18:05:38 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_osvdb_id(115601);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", 
reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2014-12-10T00:00:00", "pluginID": "79843", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "modified": "2016-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843"}
{"result": {"cve": [{"id": "CVE-2013-6435", "type": "cve", "title": "CVE-2013-6435", "description": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.", "published": "2014-12-16T13:59:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6435", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-04-18T15:54:10"}], "f5": [{"id": "F5:K16383", "type": "f5", "title": "Linux RPM vulnerability CVE-2013-6435", "description": "\nF5 Product Development has assigned ID 497065 (BIG-IP), ID 515751 (BIG-IQ), and ID 515752 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H515927 on the **Diagnostics **> **Identified **> **Medium **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| 
Linux RPM files \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP PSM| 11.0.0 - 11.4.1 \n1010.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| High| Linux RPM files \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ Device| 4.2.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ Security| 4.0.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ ADC| 4.5.0| None| High| Linux RPM files \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| High| Linux RPM files \nBIG-IQ Cloud and Orchestration| 1.0.0| None| High| Linux RPM files \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| None| Low| Linux RPM files\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can perform one of the following procedures:\n\nAll BIG-IP and BIG-IQ Modules\n\nFor all BIG-IP and BIG-IQ modules, allow only trusted users to access the system shell.\n\nTraffix SDC\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the Traffic SDC command line.\n 2. Import the GPG Keys from RedHat under the **/etc/pki/rpm-gpg/** directory, by typing the following command: \n\nrpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n\n 3. Verify that the RPM package is installed, by using the following command syntax: \n\nrpm -K <rpm_package_name>\n\nFor example, to verify the samba-common-3.6.23-14.el6_6.x86_64.rpm RPM, type the following command: \n\nrpm -K samba-common-3.6.23-14.el6_6.x86_64.rpm \n \nsamba-common-3.6.23-14.el6_6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product 
hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2015-04-10T00:55:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K16383", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-06-08T00:16:40"}, {"id": "SOL16383", "type": "f5", "title": "SOL16383 - Linux RPM vulnerability CVE-2013-6435", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can perform one of the following procedures:\n\nAll BIG-IP and BIG-IQ Modules\n\nFor all BIG-IP and BIG-IQ modules, allow only trusted users to access the system shell.\n\nTraffix SDC\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the Traffix SDC command line.\n 2. Import the GPG keys from Red Hat under the **/etc/pki/rpm-gpg/** directory, by typing the following command: \n\nrpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n\n 3. 
Verify the signature of the RPM package, by using the following command syntax: \n\nrpm -K <rpm_package_name>\n\nFor example, to verify the samba-common-3.6.23-14.el6_6.x86_64.rpm RPM, type the following command: \n\nrpm -K samba-common-3.6.23-14.el6_6.x86_64.rpm \n \nsamba-common-3.6.23-14.el6_6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "published": "2015-04-09T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16383.html", "cvelist": ["CVE-2013-6435"], "lastseen": "2016-09-26T17:23:07"}], "oraclelinux": [{"id": "ELSA-2014-1974", "type": "oraclelinux", "title": "rpm security update", "description": "[4.4.2.3-36.0.1]\n- Add missing files in /usr/share/doc/\n[4.8.0-36]\n- Fix warning when applying the patch for #1163057\n[4.8.0-35]\n- Fix race condition where unchecked data is exposed in the file system\n (CVE-2013-6435)(#1163057)", "published": "2014-12-09T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1974.html", "cvelist": ["CVE-2013-6435"], "lastseen": "2016-09-04T11:16:11"}, {"id": "ELSA-2014-1976", "type": "oraclelinux", "title": "rpm security update", "description": "[4.11.1-18]\n- Add check against malicious CPIO file name size 
(#1163060)\n- Fixes CVE-2014-8118\n[4.11.1-17]\n- Fix race condition where unchecked data is exposed in the file system\n (#1163060)\n- Fixes CVE-2013-6435", "published": "2014-12-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1976.html", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2016-09-04T11:15:58"}], "nessus": [{"id": "ORACLELINUX_ELSA-2014-1974.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : rpm (ELSA-2014-1974)", "description": "From Red Hat Security Advisory 2014:1974 :\n\nUpdated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79846", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:35:27"}, {"id": "REDHAT-RHSA-2014-1974.NASL", "type": "nessus", "title": "RHEL 5 / 6 : rpm (RHSA-2014:1974)", "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79849", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:33:35"}, {"id": "SL_20141209_RPM_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64", "description": "It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nAll running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-15T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80015", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:36:35"}, {"id": "REDHAT-RHSA-2014-1975.NASL", "type": "nessus", "title": "RHEL 5 / 6 : rpm (RHSA-2014:1975)", "description": "Updated rpm packages that fix one security issue are now available Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support, Red Hat Enterprise Linux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79850", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:42:27"}, {"id": "F5_BIGIP_SOL16383.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)", "description": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory", "published": "2016-01-28T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=88435", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:45:19"}, {"id": "ORACLEVM_OVMSA-2014-0083.NASL", "type": "nessus", "title": "OracleVM 3.3 : rpm (OVMSA-2014-0083)", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163059)\n\n - Fix thinko in the non-root python byte-compilation fix\n\n - Byte-compile versioned python libdirs in non-root prefix too (#868332)\n\n - Fix segfault on rpmdb addition when header unload fails (#706935)\n\n - Add a compat mode for 
enabling legacy rpm scriptlet error behavior (#963724)\n\n - Fix build-time double-free on file capability processing (#904818)\n\n - Fix include-directive getting processed on false branch (#920190)\n\n - Bring back --fileid in the man page with description of the id (#804049)\n\n - Fix missing error on --import on bogus key file (#869667)\n\n - Add DWARF 4 support to debugedit (#858731)\n\n - Add better error handling to patch for bug\n\n - Fix memory corruption on multikey PGP packets/armors (#829621)\n\n - Handle identical binaries for debug-info (#727872)\n\n - Fix typos in Japanese rpm man page (#845065)\n\n - Document -D and -E options in man page (#845063)\n\n - Add --setperms and --setuids to the man page (#839126)\n\n - Update man page that SHA256 is also used for file digest (#804049)\n\n - Remove --fileid from man page to get rid of md5\n\n - Remove -s from patch calls (#773503)\n\n - Force _host_vendor to redhat to better match toolchain (#743229)\n\n - Backport reloadConfig for Python API (#825147)\n\n - Support for dpkg-style sorting of tilde in version/release (#825087)\n\n - Fix explicit directory %attr when %defattr is active (#730473)\n\n - Don't load keyring if signature checking is disabled (#664696)\n\n - Retry read to fix rpm2cpio with pipe as stdin (#802839)", "published": "2014-12-15T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80008", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-29T13:43:24"}, {"id": "DEBIAN_DSA-3129.NASL", "type": "nessus", "title": "Debian DSA-3129-1 : rpm - security update", "description": "Two vulnerabilities have been discovered in the RPM package manager.\n\n - CVE-2013-6435 Florian Weimer discovered a race condition in package signature validation.\n\n - CVE-2014-8118 Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of 
arbitrary code.", "published": "2015-01-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80573", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-10-29T13:42:56"}, {"id": "ORACLELINUX_ELSA-2014-1976.NASL", "type": "nessus", "title": "Oracle Linux 7 : rpm (ELSA-2014-1976)", "description": "From Red Hat Security Advisory 2014:1976 :\n\nUpdated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79847", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-10-29T13:42:01"}, {"id": "REDHAT-RHSA-2014-1976.NASL", "type": "nessus", "title": "RHEL 7 : rpm (RHSA-2014:1976)", "description": "Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. 
This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79851", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-10-29T13:37:32"}, {"id": "CENTOS_RHSA-2014-1976.NASL", "type": "nessus", "title": "CentOS 7 : rpm (CESA-2014:1976)", "description": "Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. 
Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79877", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-10-29T13:37:00"}], "centos": [{"id": "CESA-2014:1974", "type": "centos", "title": "popt, rpm security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1974\n\n\nThe RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. 
Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n\n**Affected packages:**\npopt\nrpm\nrpm-apidocs\nrpm-build\nrpm-cron\nrpm-devel\nrpm-libs\nrpm-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1974.html", "published": "2014-12-09T20:01:37", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-10-03T18:26:17"}, {"id": "CESA-2014:1976", "type": "centos", "title": "rpm security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1976\n\n\nThe RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. 
Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a\nstack-based buffer overflow, while parsing a crafted CPIO header in the\npayload section of an RPM file. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020821.html\n\n**Affected packages:**\nrpm\nrpm-apidocs\nrpm-build\nrpm-build-libs\nrpm-cron\nrpm-devel\nrpm-libs\nrpm-python\nrpm-sign\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1976.html", "published": "2014-12-10T12:49:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020821.html", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-10-03T18:26:06"}], "openvas": [{"id": "OPENVAS:1361412562310123228", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1974", "description": "Oracle Linux Local Security Checks ELSA-2014-1974", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123228", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-07-24T12:52:55"}, {"id": "OPENVAS:1361412562310850855", "type": "openvas", "title": "SuSE Update for rpm SUSE-SU-2015:0107-1 (rpm)", "description": "Check the version of rpm", "published": "2015-10-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850855", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-12-12T11:16:12"}, {"id": "OPENVAS:1361412562310868639", "type": "openvas", "title": "Fedora Update for rpm FEDORA-2014-16838", "description": "Check the version of rpm", "published": "2014-12-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310868639", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-07-31T10:48:44"}, {"id": "OPENVAS:703129", "type": "openvas", "title": "Debian Security Advisory DSA 3129-1 (rpm - security update)", "description": "Two vulnerabilities have been discovered\nin the RPM package manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.", "published": "2015-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703129", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-07-24T12:52:52"}, {"id": "OPENVAS:1361412562310123229", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1976", "description": "Oracle Linux Local Security Checks ELSA-2014-1976", "published": "2015-10-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123229", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-07-24T12:53:42"}, {"id": "OPENVAS:1361412562310120019", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-458", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120019", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-07-31T10:49:00"}, {"id": "OPENVAS:1361412562310703129", "type": "openvas", "title": "Debian Security Advisory DSA 3129-1 (rpm - security update)", "description": "Two vulnerabilities have been discovered\nin the RPM package 
manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.", "published": "2015-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703129", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2018-04-06T11:26:01"}, {"id": "OPENVAS:1361412562310868888", "type": "openvas", "title": "Fedora Update for rpm FEDORA-2014-16890", "description": "Check the version of rpm", "published": "2015-01-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868888", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-07-25T10:52:21"}, {"id": "OPENVAS:1361412562310850838", "type": "openvas", "title": "SuSE Update for popt SUSE-SU-2014:1697-1 (popt)", "description": "Check the version of popt", "published": "2015-10-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850838", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-12-12T11:15:35"}, {"id": "OPENVAS:1361412562310842056", "type": "openvas", "title": "Ubuntu Update for rpm USN-2479-1", "description": "Check the version of rpm", "published": "2015-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842056", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2017-12-04T11:24:41"}], "redhat": [{"id": "RHSA-2014:1975", "type": "redhat", "title": "(RHSA-2014:1975) Important: rpm security update", "description": "The RPM 
Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n", "published": "2014-12-09T05:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1975", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-09-09T07:20:30"}, {"id": "RHSA-2014:1974", "type": "redhat", "title": "(RHSA-2014:1974) Important: rpm security update", "description": "The RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. 
Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n", "published": "2014-12-09T05:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1974", "cvelist": ["CVE-2013-6435"], "lastseen": "2017-09-09T07:19:55"}, {"id": "RHSA-2014:1976", "type": "redhat", "title": "(RHSA-2014:1976) Important: rpm security update", "description": "The RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. 
Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a\nstack-based buffer overflow, while parsing a crafted CPIO header in the\npayload section of an RPM file. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\n", "published": "2014-12-09T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1976", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2018-04-15T14:25:07"}], "suse": [{"id": "SUSE-SU-2015:0107-1", "type": "suse", "title": "Security update for rpm (important)", "description": "This rpm update fixes the following security and non-security issues:\n\n - bnc#908128: Check for bad invalid name sizes (CVE-2014-8118)\n - bnc#906803: Create files with mode 0 (CVE-2013-6435)\n - bnc#892431: Honor --noglob in install mode\n - bnc#911228: Fix noglob patch, it broke files with space.\n\n", "published": "2015-01-22T18:04:56", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00018.html", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2016-09-04T12:47:50"}, {"id": "SUSE-SU-2014:1697-1", 
"type": "suse", "title": "Security update for popt (important)", "description": "This rpm update fixes the following security and non-security issues.\n\n * bnc#908128: check for bad invalid name sizes (CVE-2014-8118)\n * bnc#906803: create files with mode 0 (CVE-2013-6435)\n * bnc#892431: honor --noglob in install mode\n\n Security Issues:\n\n * CVE-2014-8118\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118>\n * CVE-2013-6435\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435>\n\n", "published": "2014-12-24T08:05:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00030.html", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2016-09-04T12:25:49"}], "amazon": [{"id": "ALAS-2014-458", "type": "amazon", "title": "Important: rpm", "description": "**Issue Overview:**\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. ([CVE-2014-8118 __](<https://access.redhat.com/security/cve/CVE-2014-8118>))\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. 
Red Hat has published an [excellent analysis](<https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/>) of this issue. ([CVE-2013-6435 __](<https://access.redhat.com/security/cve/CVE-2013-6435>))\n\n \n**Affected Packages:** \n\n\nrpm\n\n \n**Issue Correction:** \nRun _yum update rpm_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n rpm-4.11.2-2.58.amzn1.i686 \n rpm-sign-4.11.2-2.58.amzn1.i686 \n rpm-build-libs-4.11.2-2.58.amzn1.i686 \n rpm-devel-4.11.2-2.58.amzn1.i686 \n rpm-python-4.11.2-2.58.amzn1.i686 \n rpm-debuginfo-4.11.2-2.58.amzn1.i686 \n rpm-build-4.11.2-2.58.amzn1.i686 \n rpm-libs-4.11.2-2.58.amzn1.i686 \n \n noarch: \n rpm-cron-4.11.2-2.58.amzn1.noarch \n rpm-apidocs-4.11.2-2.58.amzn1.noarch \n \n src: \n rpm-4.11.2-2.58.amzn1.src \n \n x86_64: \n rpm-devel-4.11.2-2.58.amzn1.x86_64 \n rpm-sign-4.11.2-2.58.amzn1.x86_64 \n rpm-build-libs-4.11.2-2.58.amzn1.x86_64 \n rpm-python-4.11.2-2.58.amzn1.x86_64 \n rpm-4.11.2-2.58.amzn1.x86_64 \n rpm-libs-4.11.2-2.58.amzn1.x86_64 \n rpm-debuginfo-4.11.2-2.58.amzn1.x86_64 \n rpm-build-4.11.2-2.58.amzn1.x86_64 \n \n \n", "published": "2014-12-09T07:34:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-458.html", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2016-09-28T21:04:12"}], "debian": [{"id": "DSA-3129", "type": "debian", "title": "rpm -- security update", "description": "Two vulnerabilities have been discovered in the RPM package manager.\n\n * [CVE-2013-6435](<https://security-tracker.debian.org/tracker/CVE-2013-6435>)\n\nFlorian Weimer discovered a race condition in package signature validation.\n\n * [CVE-2014-8118](<https://security-tracker.debian.org/tracker/CVE-2014-8118>)\n\nFlorian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these 
problems have been fixed in version 4.10.0-5+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been fixed in version 4.11.3-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 4.11.3-1.1.\n\nWe recommend that you upgrade your rpm packages.", "published": "2015-01-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3129", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2016-09-02T18:36:59"}, {"id": "DLA-140", "type": "debian", "title": "rpm -- LTS security update", "description": "Several vulnerabilities have been fixed in rpm:\n\n * [CVE-2014-8118](<https://security-tracker.debian.org/tracker/CVE-2014-8118>)\n\nFix integer overflow which allowed remote attackers to execute arbitrary code.\n\n * [CVE-2013-6435](<https://security-tracker.debian.org/tracker/CVE-2013-6435>)\n\nPrevent remote attackers from executing arbitrary code via crafted RPM files.\n\n * [CVE-2012-0815](<https://security-tracker.debian.org/tracker/CVE-2012-0815>)\n\nFix denial of service and possible code execution via negative value in region offset in crafted RPM files.\n\n * [CVE-2012-0060](<https://security-tracker.debian.org/tracker/CVE-2012-0060>) and [CVE-2012-0061](<https://security-tracker.debian.org/tracker/CVE-2012-0061>)\n\nPrevent denial of service (crash) and possible arbitrary code execution via an invalid region tag in RPM files.\n\nWe recommend that you upgrade your rpm packages.\n\nFor Debian 6 Squeeze, these issues have been fixed in rpm version 4.8.1-6+squeeze2", "published": "2015-01-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/2015/dla-140", "cvelist": ["CVE-2012-0815", "CVE-2013-6435", "CVE-2014-8118", "CVE-2012-0061", "CVE-2012-0060"], "lastseen": "2016-09-02T12:56:29"}], "ubuntu": 
[{"id": "USN-2479-1", "type": "ubuntu", "title": "RPM vulnerabilities", "description": "Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435)\n\nFlorian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8118)", "published": "2015-01-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2479-1/", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "lastseen": "2018-03-29T18:20:35"}]}}