{"id": "CENTOS_RHSA-2014-1974.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "published": "2014-12-10T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "reporter": "Tenable", "references": ["http://www.nessus.org/u?eb07d648", "http://www.nessus.org/u?2f2542f3"], "cvelist": ["CVE-2013-6435"], "type": "nessus", "lastseen": "2018-11-11T12:55:11", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 1, "enchantments": {}, "hash": "ff1fa88397c477a3037ec1ba8b5840bc1c197a29ac58266b30d7130186054ab9", "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "30a76c185edebaa4073faa21dec27324", "key": "sourceData"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2016-09-26T17:25:14", "modified": "2016-04-28T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:05:38 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_osvdb_id(115601);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "dde5c088b8b0c434958e82ddcef4822a254742e09bc8988ec6b16af5c3c9b1a9", "hashmap": [{"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "a301cac67b0527e956c5947bd691b46e", "key": "sourceData"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2018-08-30T19:47:27", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:47:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "65102a108e13cfa8596d76b72c19cc6a198a22fa6356b2e732fc1e1c42945470", "hashmap": [{"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "a301cac67b0527e956c5947bd691b46e", "key": "sourceData"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2018-09-01T23:52:56", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 2}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2018-09-01T23:52:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "65102a108e13cfa8596d76b72c19cc6a198a22fa6356b2e732fc1e1c42945470", "hashmap": [{"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "a301cac67b0527e956c5947bd691b46e", "key": "sourceData"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2018-07-03T10:00:44", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-03T10:00:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d97003d148d58f8a382019473d3cda27d82dc3264303ce37b6f7faf875d04812", "hashmap": [{"hash": "95d0385a9c7d6a9b55d2e88563c7b8b9", "key": "sourceData"}, {"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2018-11-11T08:33:46", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f2542f3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb07d648\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified"], "edition": 6, "lastseen": "2018-11-11T08:33:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"], "cvelist": ["CVE-2013-6435"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3b5d29ac9dd8be986f20fe68fc2aeb2c6da63272e6f40f842929358f09fea55a", "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "eb1b4e9f0dd44878041fe7c3800d5e9b", "key": "cvelist"}, {"hash": "a4c07ef34d8b1a86dc6304709e7b3a66", "key": "title"}, {"hash": "3e9c8c552dc2d104f113c053eea4d6ed", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "58df0331b0b83b92705d5ad37b568a55", "key": "published"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "c3e17e9e4097843205a0c129fd616914", "key": "href"}, {"hash": "5ff51307bb0ed5d4af10319ad6e76084", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "30a76c185edebaa4073faa21dec27324", "key": "sourceData"}, {"hash": "1e3542a0056e69ba064c55eebe4d52f3", "key": "references"}, {"hash": "3d1b0a704819990624bae8e696794822", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79843", "id": "CENTOS_RHSA-2014-1974.NASL", "lastseen": "2017-10-29T13:40:22", "modified": "2016-04-28T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "79843", "published": "2014-12-10T00:00:00", "references": ["http://www.nessus.org/u?2596a74c", "http://www.nessus.org/u?2363ab05"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:05:38 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_osvdb_id(115601);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2363ab05\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2596a74c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 / 6 : rpm (CESA-2014:1974)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:40:22"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "5ff51307bb0ed5d4af10319ad6e76084"}, {"key": "cvelist", "hash": "eb1b4e9f0dd44878041fe7c3800d5e9b"}, {"key": "cvss", "hash": "774fce555a963c00be305187dd6dff95"}, {"key": "description", "hash": "3e9c8c552dc2d104f113c053eea4d6ed"}, {"key": "href", "hash": "c3e17e9e4097843205a0c129fd616914"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "3d1b0a704819990624bae8e696794822"}, {"key": "published", "hash": "58df0331b0b83b92705d5ad37b568a55"}, {"key": "references", "hash": "78090827ffb7fc5a8f0fa4953a7f4de5"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "95d0385a9c7d6a9b55d2e88563c7b8b9"}, {"key": "title", "hash": "a4c07ef34d8b1a86dc6304709e7b3a66"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "aea1c540cc1da18399ccd1ddd2303c2c80151a4a329a70e0af2ccf383cb80ded", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# CentOS Errata and Security Advisory 2014:1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79843);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"CentOS 5 / 6 : rpm (CESA-2014:1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f2542f3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb07d648\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "79843", "cpe": ["p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-cron", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm-devel"]}

{"cve": [{"lastseen": "2018-11-30T12:00:21", "references": ["http://www.debian.org/security/2015/dsa-3129", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "http://rhn.redhat.com/errata/RHSA-2014-1974.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056", "http://rhn.redhat.com/errata/RHSA-2014-1976.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1039811", "http://advisories.mageia.org/MGASA-2014-0529.html", "http://www.securityfocus.com/bid/71558", "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251", "https://security.gentoo.org/glsa/201811-22", "http://rhn.redhat.com/errata/RHSA-2014-1975.html"], "description": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.", "edition": 3, "reporter": "NVD", "published": "2014-12-16T13:59:00", "title": "CVE-2013-6435", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-6435"], "scanner": [], "modified": "2018-11-29T06:29:00", "cpe": ["cpe:/a:rpm:rpm:2.5.4", "cpe:/a:rpm:rpm:2.3.1", "cpe:/a:rpm:rpm:4.4.2.1", "cpe:/a:rpm:rpm:2.3.9", "cpe:/a:rpm:rpm:2.0", "cpe:/a:rpm:rpm:4.6.0:rc2", "cpe:/a:rpm:rpm:2.2.10", "cpe:/a:rpm:rpm:2.0.9", "cpe:/a:rpm:rpm:4.10.0", "cpe:/a:rpm:rpm:2.2.11", "cpe:/a:rpm:rpm:2.0.7", "cpe:/a:rpm:rpm:2.3.5", "cpe:/a:rpm:rpm:4.8.0", "cpe:/a:rpm:rpm:2.4.5", "cpe:/a:rpm:rpm:2.2.8", "cpe:/a:rpm:rpm:2.5.6", "cpe:/a:rpm:rpm:3.0.3", "cpe:/a:rpm:rpm:2.3.6", "cpe:/a:rpm:rpm:2.2", "cpe:/a:rpm:rpm:1.4.5", "cpe:/a:rpm:rpm:2.3.2", "cpe:/a:rpm:rpm:4.9.0", "cpe:/a:rpm:rpm:3.0.1", "cpe:/a:rpm:rpm:4.10.1", "cpe:/a:rpm:rpm:2.2.3.10", "cpe:/a:rpm:rpm:4.8.1", "cpe:/a:rpm:rpm:4.9.1.1", "cpe:/a:rpm:rpm:2.4.2", "cpe:/a:rpm:rpm:4.11.1", "cpe:/a:rpm:rpm:2.0.10", "cpe:/a:rpm:rpm:4.3.3", "cpe:/a:rpm:rpm:1.4.2%2fa", "cpe:/a:rpm:rpm:1.4.2", "cpe:/a:rpm:rpm:1.4.3", "cpe:/a:rpm:rpm:1.4.4", "cpe:/a:rpm:rpm:2.3", "cpe:/a:rpm:rpm:4.0.4", "cpe:/a:rpm:rpm:2.0.5", "cpe:/a:rpm:rpm:2.5.5", "cpe:/a:rpm:rpm:2.3.4", "cpe:/a:rpm:rpm:2.2.7", "cpe:/a:rpm:rpm:2.2.5", "cpe:/a:rpm:rpm:4.6.0", "cpe:/a:rpm:rpm:2.5.2", "cpe:/a:rpm:rpm:4.10.2", "cpe:/a:rpm:rpm:2.1.2", "cpe:/a:rpm:rpm:2.0.2", "cpe:/a:rpm:rpm:4.6.0:rc3", "cpe:/a:rpm:rpm:2.3.3", "cpe:/a:rpm:rpm:2.5", "cpe:/a:rpm:rpm:3.0.4", "cpe:/a:rpm:rpm:4.0.2", "cpe:/a:rpm:rpm:2.2.4", "cpe:/a:rpm:rpm:2.2.3.11", "cpe:/a:rpm:rpm:4.1", "cpe:/a:rpm:rpm:3.0.2", "cpe:/a:rpm:rpm:2.1.1", "cpe:/a:rpm:rpm:1.4", "cpe:/a:rpm:rpm:2.0.8", "cpe:/a:rpm:rpm:4.9.0:alpha", "cpe:/a:rpm:rpm:2.2.3", "cpe:/a:rpm:rpm:2.4.3", "cpe:/a:rpm:rpm:4.9.1.2", "cpe:/a:rpm:rpm:1.3", "cpe:/a:rpm:rpm:2.2.9", "cpe:/a:rpm:rpm:1.2", "cpe:/a:rpm:rpm:3.0.6", "cpe:/a:rpm:rpm:2.3.8", "cpe:/a:rpm:rpm:4.7.1", "cpe:/a:rpm:rpm:4.7.0", "cpe:/a:rpm:rpm:2.2.2", "cpe:/a:rpm:rpm:4.0.3", "cpe:/a:rpm:rpm:2.3.7", "cpe:/a:rpm:rpm:2.4.6", "cpe:/a:rpm:rpm:4.9.0:beta1", "cpe:/a:rpm:rpm:4.5.90", "cpe:/a:rpm:rpm:4.6.0:rc4", "cpe:/a:rpm:rpm:2.5.1", "cpe:/a:rpm:rpm:1.4.6", "cpe:/a:rpm:rpm:2.0.3", "cpe:/a:rpm:rpm:2.4.1", "cpe:/a:rpm:rpm:4.0.", "cpe:/a:rpm:rpm:1.4.7", "cpe:/a:rpm:rpm:1.3.1", "cpe:/a:rpm:rpm:2.0.11", "cpe:/a:rpm:rpm:2.4.4", "cpe:/a:rpm:rpm:2.0.1", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:rpm:rpm:2.2.1", "cpe:/a:rpm:rpm:2.2.6", "cpe:/a:rpm:rpm:2.4.11", "cpe:/a:rpm:rpm:4.4.2.3", "cpe:/a:rpm:rpm:2.1", "cpe:/a:rpm:rpm:2.4.8", "cpe:/a:rpm:rpm:3.0.5", "cpe:/a:rpm:rpm:4.9.1", "cpe:/a:rpm:rpm:4.6.0:rc1", "cpe:/a:rpm:rpm:3.0", "cpe:/a:rpm:rpm:4.7.2", "cpe:/a:rpm:rpm:4.6.1", "cpe:/a:rpm:rpm:2.5.3", "cpe:/a:rpm:rpm:2.0.4", "cpe:/a:rpm:rpm:1.4.1", "cpe:/a:rpm:rpm:4.4.2.2", "cpe:/a:rpm:rpm:2.0.6", "cpe:/a:rpm:rpm:2.4.9", "cpe:/a:rpm:rpm:4.0.1", "cpe:/a:rpm:rpm:2.6.7", "cpe:/a:rpm:rpm:4.9.0:rc1", "cpe:/a:rpm:rpm:2.4.12"], "id": "CVE-2013-6435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6435", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:40", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 497065 (BIG-IP), ID 515751 (BIG-IQ), and ID 515752 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H515927 on the **Diagnostics **&gt; **Identified **&gt; **Medium **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1| High| Linux RPM files \nBIG-IP PSM| 11.0.0 - 11.4.1 \n1010.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Linux RPM files \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| High| Linux RPM files \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ Device| 4.2.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ Security| 4.0.0 - 4.5.0| None| High| Linux RPM files \nBIG-IQ ADC| 4.5.0| None| High| Linux RPM files \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| High| Linux RPM files \nBIG-IQ Cloud and Orchestration| 1.0.0| None| High| Linux RPM files \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.2.0 - 2.5.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| None| Low| Linux RPM files\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can perform one of the following procedures:\n\nAll BIG-IP and BIG-IQ Modules\n\nFor all BIG-IP and BIG-IQ modules, allow only trusted users to access the system shell.\n\nTraffix SDC\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the Traffic SDC command line.\n 2. Import the GPG Keys from RedHat under the **/etc/pki/rpm-gpg/** directory, by typing the following command: \n\nrpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n\n 3. Verify that the RPM package is installed, by using the following command syntax: \n\nrpm -K &lt;rpm_package_name&gt;\n\nFor example, to verify the samba-common-3.6.23-14.el6_6.x86_64.rpm RPM, type the following command: \n\nrpm -K samba-common-3.6.23-14.el6_6.x86_64.rpm \n \nsamba-common-3.6.23-14.el6_6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "reporter": "f5", "published": "2015-04-10T00:55:00", "title": "Linux RPM vulnerability CVE-2013-6435", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-6435"], "modified": "2017-04-06T16:50:00", "id": "F5:K16383", "href": "https://support.f5.com/csp/article/K16383", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:07", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can perform one of the following procedures:\n\nAll BIG-IP and BIG-IQ Modules\n\nFor all BIG-IP and BIG-IQ modules, allow only trusted users to access the system shell.\n\nTraffix SDC\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the Traffic SDC command line.\n 2. Import the GPG Keys from RedHat under the **/etc/pki/rpm-gpg/** directory, by typing the following command: \n\nrpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n\n 3. Verify that the RPM package is installed, by using the following command syntax: \n\nrpm -K &lt;rpm_package_name&gt;\n\nFor example, to verify the samba-common-3.6.23-14.el6_6.x86_64.rpm RPM, type the following command: \n\nrpm -K samba-common-3.6.23-14.el6_6.x86_64.rpm \n \nsamba-common-3.6.23-14.el6_6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "reporter": "f5", "published": "2015-04-09T00:00:00", "title": "SOL16383 - Linux RPM vulnerability CVE-2013-6435", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "Enterprise Manager", "version": "2.3.0", "operator": "le"}, {"name": "BIG-IQ Cloud and Orchestration", "version": "1.0.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ Centralized Management", "version": "4.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "Traffix SDC", "version": "4.1.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "Traffix SDC", "version": "3.5.1", "operator": "le"}], "cvelist": ["CVE-2013-6435"], "modified": "2016-07-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16383.html", "id": "SOL16383", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:04", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-python-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-python-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-apidocs-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-apidocs-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "x86_64", "packageFilename": "rpm-devel-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "x86_64", "packageFilename": "rpm-python-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-devel-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "src", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "src", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "src", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "x86_64", "packageFilename": "rpm-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-devel-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-devel-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-build-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.10.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "popt-1.10.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "popt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.10.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "popt-1.10.2.3-36.0.1.el5_11.i386.rpm", "packageName": "popt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.10.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "popt-1.10.2.3-36.0.1.el5_11.i386.rpm", "packageName": "popt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "rpm-libs-4.4.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-build-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "noarch", "packageFilename": "rpm-apidocs-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "noarch", "packageFilename": "rpm-apidocs-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-apidocs-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-libs-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-libs-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "x86_64", "packageFilename": "rpm-build-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-python-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "x86_64", "packageFilename": "rpm-libs-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-devel-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-devel-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-libs-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-libs-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "i386", "packageFilename": "rpm-build-4.4.2.3-36.0.1.el5_11.i386.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "src", "packageFilename": "rpm-4.8.0-38.el6_6.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "src", "packageFilename": "rpm-4.8.0-38.el6_6.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.10.2.3-36.0.1.el5_11", "arch": "x86_64", "packageFilename": "popt-1.10.2.3-36.0.1.el5_11.x86_64.rpm", "packageName": "popt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-libs-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-build-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "i686", "packageFilename": "rpm-python-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "4.4.2.3-36.0.1.el5_11", "arch": "ia64", "packageFilename": "rpm-devel-4.4.2.3-36.0.1.el5_11.ia64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "noarch", "packageFilename": "rpm-cron-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-cron", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "arch": "noarch", "packageFilename": "rpm-cron-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-cron", "operator": "lt"}], "description": "[4.4.2.3-36.0.1]\n- Add missing files in /usr/share/doc/\n[4.8.0-36]\n- Fix warning when applying the patch for #1163057\n[4.8.0-35]\n- Fix race condidition where unchecked data is exposed in the file system\n (CVE-2013-6435)(#1163057)", "edition": 3, "reporter": "Oracle", "published": "2014-12-09T00:00:00", "title": "rpm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435"], "modified": "2014-12-09T00:00:00", "id": "ELSA-2014-1974", "href": "http://linux.oracle.com/errata/ELSA-2014-1974.html", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "i686", "packageFilename": "rpm-libs-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-sign-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-sign", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-python-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-libs-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "src", "packageFilename": "rpm-4.11.1-18.el7_0.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "i686", "packageFilename": "rpm-build-libs-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-build-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-build-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "noarch", "packageFilename": "rpm-cron-4.11.1-18.el7_0.noarch.rpm", "packageName": "rpm-cron", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-build-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "i686", "packageFilename": "rpm-devel-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageFilename": "rpm-devel-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "noarch", "packageFilename": "rpm-apidocs-4.11.1-18.el7_0.noarch.rpm", "packageName": "rpm-apidocs", "operator": "lt"}], "description": "[4.11.1-18]\n- Add check against malicious CPIO file name size (#1163060)\n- Fixes CVE-2014-8118\n[4.11.1-17]\n- Fix race condidition where unchecked data is exposed in the file system\n (#1163060)\n- Fixes CVE-2013-6435", "edition": 3, "reporter": "Oracle", "published": "2014-12-09T00:00:00", "title": "rpm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-09T00:00:00", "id": "ELSA-2014-1976", "href": "http://linux.oracle.com/errata/ELSA-2014-1976.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-28T18:24:03", "references": ["http://linux.oracle.com/errata/ELSA-2014-1974.html"], "pluginID": "1361412562310123228", "description": "Oracle Linux Local Security Checks ELSA-2014-1974", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1974", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1974.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123228\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1974\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1974 - rpm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1974\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1974.html\");\n script_cve_id(\"CVE-2013-6435\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"popt\", rpm:\"popt~1.10.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-apidocs\", rpm:\"rpm-apidocs~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.4.2.3~36.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-apidocs\", rpm:\"rpm-apidocs~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-cron\", rpm:\"rpm-cron~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.8.0~38.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:03:10", "references": ["2015:0107_1"], "pluginID": "1361412562310850855", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-15T00:00:00", "title": "SuSE Update for rpm SUSE-SU-2015:0107-1 (rpm)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850855", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0107_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for rpm SUSE-SU-2015:0107-1 (rpm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850855\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:20:15 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for rpm SUSE-SU-2015:0107-1 (rpm)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This rpm update fixes the following security and non-security issues:\n\n - bnc#908128: Check for bad invalid name sizes (CVE-2014-8118)\n\n - bnc#906803: Create files with mode 0 (CVE-2013-6435)\n\n - bnc#892431: Honor --noglob in install mode\n\n - bnc#911228: Fix noglob patch, it broke files with space.\");\n script_tag(name:\"affected\", value:\"rpm on SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0107_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpm-32bit\", rpm:\"rpm-32bit~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-build-debuginfo\", rpm:\"rpm-build-debuginfo~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-debuginfo-32bit\", rpm:\"rpm-debuginfo-32bit~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-debuginfo\", rpm:\"rpm-debuginfo~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-debugsource\", rpm:\"rpm-debugsource~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-python-debuginfo\", rpm:\"rpm-python-debuginfo~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-python-debugsource\", rpm:\"rpm-python-debugsource~4.11.2~10.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:16", "references": ["http://www.debian.org/security/2015/dsa-3129.html"], "pluginID": "1361412562310703129", "description": "Two vulnerabilities have been discovered\nin the RPM package manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-01-15T00:00:00", "title": "Debian Security Advisory DSA 3129-1 (rpm - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703129", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3129.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3129-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703129\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_name(\"Debian Security Advisory DSA 3129-1 (rpm - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3129.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rpm on Debian Linux\");\n script_tag(name: \"insight\", value: \"The RPM Package Manager (RPM) is a\ncommand-line driven package management system capable of installing, uninstalling,\nverifying, querying, and updating computer software packages.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.10.0-5+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.11.3-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.11.3-1.1.\n\nWe recommend that you upgrade your rpm packages.\");\n script_tag(name: \"summary\", value: \"Two vulnerabilities have been discovered\nin the RPM package manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"librpm-dbg\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpm-dev\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpm3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmbuild3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmio3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmsign1\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-rpm\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm-common\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm-i18n\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm2cpio\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:08", "references": ["2014-16890", "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146308.html"], "pluginID": "1361412562310868888", "description": "Check the version of rpm", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-05T00:00:00", "title": "Fedora Update for rpm FEDORA-2014-16890", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310868888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rpm FEDORA-2014-16890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868888\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 15:08:56 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8118\", \"CVE-2013-6435\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for rpm FEDORA-2014-16890\");\n script_tag(name: \"summary\", value: \"Check the version of rpm\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package like its version, a description, etc.\n\");\n script_tag(name: \"affected\", value: \"rpm on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16890\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146308.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.12.0.1~4.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:32", "references": ["http://linux.oracle.com/errata/ELSA-2014-1976.html"], "pluginID": "1361412562310123229", "description": "Oracle Linux Local Security Checks ELSA-2014-1976", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-1976", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1976.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123229\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1976\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1976 - rpm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1976\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1976.html\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-apidocs\", rpm:\"rpm-apidocs~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-cron\", rpm:\"rpm-cron~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.1~18.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:32:48", "references": ["https://alas.aws.amazon.com/ALAS-2014-458.html"], "pluginID": "1361412562310120019", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2014-458", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-458.nasl 6724 2017-07-14 09:57:17Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120019\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:15:11 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-458\");\n script_tag(name:\"insight\", value:\"It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118 )It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Red Hat has published an excellent analysis of this issue. (CVE-2013-6435 )\");\n script_tag(name:\"solution\", value:\"Run yum update rpm to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-458.html\");\n script_cve_id(\"CVE-2014-8118\", \"CVE-2013-6435\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-debuginfo\", rpm:\"rpm-debuginfo~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-cron\", rpm:\"rpm-cron~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"rpm-apidocs\", rpm:\"rpm-apidocs~4.11.2~2.58.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:52:52", "references": ["http://www.debian.org/security/2015/dsa-3129.html"], "pluginID": "703129", "description": "Two vulnerabilities have been discovered\nin the RPM package manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-01-15T00:00:00", "title": "Debian Security Advisory DSA 3129-1 (rpm - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703129", "id": "OPENVAS:703129", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3129.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3129-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703129);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_name(\"Debian Security Advisory DSA 3129-1 (rpm - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3129.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"rpm on Debian Linux\");\n script_tag(name: \"insight\", value: \"The RPM Package Manager (RPM) is a\ncommand-line driven package management system capable of installing, uninstalling,\nverifying, querying, and updating computer software packages.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.10.0-5+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.11.3-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.11.3-1.1.\n\nWe recommend that you upgrade your rpm packages.\");\n script_tag(name: \"summary\", value: \"Two vulnerabilities have been discovered\nin the RPM package manager.\n\nCVE-2013-6435\nFlorian Weimer discovered a race condition in package signature\nvalidation.\n\nCVE-2014-8118\nFlorian Weimer discovered an integer overflow in parsing CPIO headers\nwhich might result in the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"librpm-dbg\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpm-dev\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpm3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmbuild3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmio3\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"librpmsign1\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-rpm\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm-common\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm-i18n\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rpm2cpio\", ver:\"4.10.0-5+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:40", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147109.html", "2014-16838"], "pluginID": "1361412562310868639", "description": "Check the version of rpm", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-30T00:00:00", "title": "Fedora Update for rpm FEDORA-2014-16838", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310868639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rpm FEDORA-2014-16838\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868639\");\n script_version(\"$Revision: 6724 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-30 05:57:33 +0100 (Tue, 30 Dec 2014)\");\n script_cve_id(\"CVE-2014-8118\", \"CVE-2013-6435\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for rpm FEDORA-2014-16838\");\n script_tag(name: \"summary\", value: \"Check the version of rpm\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package like its version, a description, etc.\n\");\n script_tag(name: \"affected\", value: \"rpm on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16838\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147109.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:02:47", "references": ["2014:1697_1"], "pluginID": "1361412562310850838", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for popt SUSE-SU-2014:1697-1 (popt)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310850838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1697_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for popt SUSE-SU-2014:1697-1 (popt)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850838\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for popt SUSE-SU-2014:1697-1 (popt)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'popt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This rpm update fixes the following security and non security issues.\n\n * bnc#908128: check for bad invalid name sizes (CVE-2014-8118)\n\n * bnc#906803: create files with mode 0 (CVE-2013-6435)\n\n * bnc#892431: honor --noglob in install mode\n\n Security Issues:\n\n * CVE-2014-8118\n\n * CVE-2013-6435\");\n script_tag(name:\"affected\", value:\"popt on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1697_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"popt\", rpm:\"popt~1.7~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.4.2.3~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"popt-32bit\", rpm:\"popt-32bit~1.7~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-32bit\", rpm:\"rpm-32bit~4.4.2.3~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"popt-x86\", rpm:\"popt-x86~1.7~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rpm-x86\", rpm:\"rpm-x86~4.4.2.3~37.60.2\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:02:55", "references": ["http://www.ubuntu.com/usn/usn-2479-1/", "2479-1"], "pluginID": "1361412562310842056", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-23T00:00:00", "title": "Ubuntu Update for rpm USN-2479-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for rpm USN-2479-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842056\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:40 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for rpm USN-2479-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Florian Weimer discovered that RPM incorrectly\nhandled temporary files. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2013-6435)\n\nFlorian Weimer discovered that RPM incorrectly handled certain CPIO\nheaders. If a user or automated system were tricked into installing a\nmalicious package file, a remote attacker could use this issue to cause RPM\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2014-8118)\");\n script_tag(name:\"affected\", value:\"rpm on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2479-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2479-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpm\", ver:\"4.11.2-3ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpm\", ver:\"4.11.1-3ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rpm\", ver:\"4.9.1.1-1ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:08:49", "references": ["http://www.nessus.org/u?8251f6b0"], "pluginID": "88435", "description": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory", "edition": 5, "reporter": "Tenable", "published": "2016-01-28T00:00:00", "title": "F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2016-10-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL16383.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16383.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88435);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/31 13:45:42 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n\n script_name(english:\"F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Race condition in RPM 4.11.1 and earlier allows remote attackers to\nexecute arbitrary code via a crafted RPM file whose installation\nextracts the contents to temporary files before validating the\nsignature, as demonstrated by installing a file in the /etc/cron.d\ndirectory\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16383.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8251f6b0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16383.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16383\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:16", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-December/004706.html", "https://oss.oracle.com/pipermail/el-errata/2014-December/004707.html"], "pluginID": "79846", "description": "From Red Hat Security Advisory 2014:1974 :\n\nUpdated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2014-12-10T00:00:00", "title": "Oracle Linux 5 / 6 : rpm (ELSA-2014-1974)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:popt", "p-cpe:/a:oracle:linux:rpm", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:rpm-python", "p-cpe:/a:oracle:linux:rpm-apidocs", "p-cpe:/a:oracle:linux:rpm-cron", "p-cpe:/a:oracle:linux:rpm-devel", "p-cpe:/a:oracle:linux:rpm-libs", "p-cpe:/a:oracle:linux:rpm-build"], "id": "ORACLELINUX_ELSA-2014-1974.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1974 and \n# Oracle Linux Security Advisory ELSA-2014-1974 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79846);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"Oracle Linux 5 / 6 : rpm (ELSA-2014-1974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1974 :\n\nUpdated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004706.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004707.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"popt-1.10.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-4.4.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-apidocs-4.4.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-build-4.4.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-devel-4.4.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-libs-4.4.2.3-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-python-4.4.2.3-36.0.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-devel / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:40", "references": ["http://www.nessus.org/u?2c77867c"], "pluginID": "80015", "description": "It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nAll running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2015-09-30T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20141209_RPM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80015);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/09/30 13:50:20 $\");\n\n script_cve_id(\"CVE-2013-6435\");\n\n script_name(english:\"Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nAll running applications linked against the RPM library must be\nrestarted for this update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1412&L=scientific-linux-errata&T=0&P=1571\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c77867c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-debuginfo-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-debuginfo-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:43:53", "references": ["https://access.redhat.com/security/cve/cve-2013-6435", "https://access.redhat.com/errata/RHSA-2014:1974"], "pluginID": "79849", "description": "Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2014-12-10T00:00:00", "title": "RHEL 5 / 6 : rpm (RHSA-2014:1974)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:rpm-python", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:popt", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1974.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79849", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1974. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79849);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1974\");\n\n script_name(english:\"RHEL 5 / 6 : rpm (RHSA-2014:1974)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6435\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1974\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"popt-1.10.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"rpm-debuginfo-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"rpm-devel-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"rpm-libs-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-36.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"rpm-apidocs-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"rpm-cron-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"rpm-debuginfo-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"rpm-devel-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:04:05", "references": ["https://access.redhat.com/security/cve/cve-2013-6435", "https://access.redhat.com/errata/RHSA-2014:1975"], "pluginID": "79850", "description": "Updated rpm packages that fix one security issue are now available Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support, Red Hat Enterprise Linux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2014-12-10T00:00:00", "title": "RHEL 5 / 6 : rpm (RHSA-2014:1975)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:rpm-python", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:popt", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1975.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79850", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1975. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79850);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1975\");\n\n script_name(english:\"RHEL 5 / 6 : rpm (RHSA-2014:1975)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix one security issue are now available Red\nHat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9\nExtended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update\nSupport, and Red Hat Enterprise Linux 6.4 Extended Update Support, Red\nHat Enterprise Linux 6.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6435\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1975\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"popt-1.10.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"popt-1.10.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"popt-1.10.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"rpm-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"rpm-debuginfo-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-debuginfo-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"rpm-devel-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-devel-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-devel-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"rpm-libs-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-libs-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-libs-4.4.2.3-24.el5_6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-34.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-24.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-34.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"rpm-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"rpm-4.8.0-38.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"rpm-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"rpm-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-4.8.0-20.el6_2.1\")) flag++; }\nelse if (sp == \"5\") { if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"rpm-4.8.0-38.el6_5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-4.8.0-33.el6_4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"rpm-apidocs-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"rpm-apidocs-4.8.0-20.el6_2.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"rpm-apidocs-4.8.0-38.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"rpm-build-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"rpm-build-4.8.0-38.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-20.el6_2.1\")) flag++; }\nelse if (sp == \"5\") { if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-38.el6_5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-33.el6_4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"rpm-cron-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"rpm-cron-4.8.0-20.el6_2.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"rpm-cron-4.8.0-38.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"rpm-debuginfo-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"rpm-debuginfo-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"rpm-debuginfo-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-debuginfo-4.8.0-33.el6_4\")) flag++; }\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.8.0-33.el6_4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"rpm-devel-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"rpm-devel-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"rpm-devel-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-devel-4.8.0-33.el6_4\")) flag++; }\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-devel-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-devel-4.8.0-33.el6_4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"rpm-libs-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"rpm-libs-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"rpm-libs-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-libs-4.8.0-33.el6_4\")) flag++; }\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-libs-4.8.0-20.el6_2.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-libs-4.8.0-33.el6_4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"rpm-python-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"rpm-python-4.8.0-38.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-33.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-38.el6_5\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-20.el6_2.1\")) flag++; }\nelse if (sp == \"5\") { if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-38.el6_5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-33.el6_4\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:09", "references": ["http://www.nessus.org/u?8451a6f3"], "pluginID": "80008", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix race condidition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163059)\n\n - Fix thinko in the non-root python byte-compilation fix\n\n - Byte-compile versioned python libdirs in non-root prefix too (#868332)\n\n - Fix segfault on rpmdb addition when header unload fails (#706935)\n\n - Add a compat mode for enabling legacy rpm scriptlet error behavior (#963724)\n\n - Fix build-time double-free on file capability processing (#904818)\n\n - Fix include-directive getting processed on false branch (#920190)\n\n - Bring back --fileid in the man page with description of the id (#804049)\n\n - Fix missing error on --import on bogus key file (#869667)\n\n - Add DWARF 4 support to debugedit (#858731)\n\n - Add better error handling to patch for bug\n\n - Fix memory corruption on multikey PGP packets/armors (#829621)\n\n - Handle identical binaries for debug-info (#727872)\n\n - Fix typos in Japanese rpm man page (#845065)\n\n - Document -D and -E options in man page (#845063)\n\n - Add --setperms and --setuids to the man page (#839126)\n\n - Update man page that SHA256 is also used for file digest (#804049)\n\n - Remove --fileid from man page to get rid of md5\n\n - Remove -s from patch calls (#773503)\n\n - Force _host_vendor to redhat to better match toolchain (#743229)\n\n - Backport reloadConfig for Python API (#825147)\n\n - Support for dpkg-style sorting of tilde in version/release (#825087)\n\n - Fix explicit directory %attr when %defattr is active (#730473)\n\n - Don't load keyring if signature checking is disabled (#664696)\n\n - Retry read to fix rpm2cpio with pipe as stdin (#802839)", "edition": 7, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "OracleVM 3.3 : rpm (OVMSA-2014-0083)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:rpm", "p-cpe:/a:oracle:vm:rpm-python", "p-cpe:/a:oracle:vm:rpm-libs"], "id": "ORACLEVM_OVMSA-2014-0083.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0083.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80008);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2013-6435\");\n script_bugtraq_id(71558);\n\n script_name(english:\"OracleVM 3.3 : rpm (OVMSA-2014-0083)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix race condidition where unchecked data is exposed in\n the file system (CVE-2013-6435)(#1163059)\n\n - Fix thinko in the non-root python byte-compilation fix\n\n - Byte-compile versioned python libdirs in non-root prefix\n too (#868332)\n\n - Fix segfault on rpmdb addition when header unload fails\n (#706935)\n\n - Add a compat mode for enabling legacy rpm scriptlet\n error behavior (#963724)\n\n - Fix build-time double-free on file capability processing\n (#904818)\n\n - Fix include-directive getting processed on false branch\n (#920190)\n\n - Bring back --fileid in the man page with description of\n the id (#804049)\n\n - Fix missing error on --import on bogus key file\n (#869667)\n\n - Add DWARF 4 support to debugedit (#858731)\n\n - Add better error handling to patch for bug\n\n - Fix memory corruption on multikey PGP packets/armors\n (#829621)\n\n - Handle identical binaries for debug-info (#727872)\n\n - Fix typos in Japanese rpm man page (#845065)\n\n - Document -D and -E options in man page (#845063)\n\n - Add --setperms and --setuids to the man page (#839126)\n\n - Update man page that SHA256 is also used for file digest\n (#804049)\n\n - Remove --fileid from man page to get rid of md5\n\n - Remove -s from patch calls (#773503)\n\n - Force _host_vendor to redhat to better match toolchain\n (#743229)\n\n - Backport reloadConfig for Python API (#825147)\n\n - Support for dpkg-style sorting of tilde in\n version/release (#825087)\n\n - Fix explicit directory %attr when %defattr is active\n (#730473)\n\n - Don't load keyring if signature checking is disabled\n (#664696)\n\n - Retry read to fix rpm2cpio with pipe as stdin (#802839)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-December/000246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8451a6f3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rpm / rpm-libs / rpm-python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"rpm-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"rpm-libs-4.8.0-38.el6_6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"rpm-python-4.8.0-38.el6_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-libs / rpm-python\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:34", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-December/004708.html"], "pluginID": "79847", "description": "From Red Hat Security Advisory 2014:1976 :\n\nUpdated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2014-12-10T00:00:00", "title": "Oracle Linux 7 : rpm (ELSA-2014-1976)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:rpm-build-libs", "p-cpe:/a:oracle:linux:rpm-sign", "p-cpe:/a:oracle:linux:rpm", "p-cpe:/a:oracle:linux:rpm-python", "p-cpe:/a:oracle:linux:rpm-apidocs", "p-cpe:/a:oracle:linux:rpm-cron", "p-cpe:/a:oracle:linux:rpm-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:rpm-libs", "p-cpe:/a:oracle:linux:rpm-build"], "id": "ORACLELINUX_ELSA-2014-1976.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1976 and \n# Oracle Linux Security Advisory ELSA-2014-1976 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79847);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1976\");\n\n script_name(english:\"Oracle Linux 7 : rpm (ELSA-2014-1976)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1976 :\n\nUpdated rpm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to\na stack-based buffer overflow, while parsing a crafted CPIO header in\nthe payload section of an RPM file. This could allow an attacker to\nmodify signed RPM files in such a way that they would execute code\nchosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004708.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-build-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-build-libs-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-cron-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-devel-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-libs-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-python-4.11.1-18.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rpm-sign-4.11.1-18.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-apidocs / rpm-build / rpm-build-libs / rpm-cron / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:05:13", "references": ["https://www.debian.org/security/2015/dsa-3129", "https://security-tracker.debian.org/tracker/CVE-2013-6435", "https://security-tracker.debian.org/tracker/CVE-2014-8118", "https://packages.debian.org/source/wheezy/rpm"], "pluginID": "80573", "description": "Two vulnerabilities have been discovered in the RPM package manager.\n\n - CVE-2013-6435 Florian Weimer discovered a race condition in package signature validation.\n\n - CVE-2014-8118 Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code.", "edition": 5, "reporter": "Tenable", "published": "2015-01-19T00:00:00", "title": "Debian DSA-3129-1 : rpm - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rpm", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3129.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3129. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80573);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_bugtraq_id(71558, 71588);\n script_xref(name:\"DSA\", value:\"3129\");\n\n script_name(english:\"Debian DSA-3129-1 : rpm - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in the RPM package manager.\n\n - CVE-2013-6435\n Florian Weimer discovered a race condition in package\n signature validation.\n\n - CVE-2014-8118\n Florian Weimer discovered an integer overflow in parsing\n CPIO headers which might result in the execution of\n arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/rpm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3129\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rpm packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 4.10.0-5+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 4.11.3-1.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"librpm-dbg\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"librpm-dev\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"librpm3\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"librpmbuild3\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"librpmio3\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"librpmsign1\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-rpm\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"rpm\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"rpm-common\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"rpm-i18n\", reference:\"4.10.0-5+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"rpm2cpio\", reference:\"4.10.0-5+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:52:34", "references": ["https://access.redhat.com/security/cve/cve-2013-6435", "https://access.redhat.com/errata/RHSA-2014:1976", "https://access.redhat.com/security/cve/cve-2014-8118"], "pluginID": "79851", "description": "Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2014-12-10T00:00:00", "title": "RHEL 7 : rpm (RHSA-2014:1976)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-python", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:rpm-sign", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:rpm-build-libs"], "id": "REDHAT-RHSA-2014-1976.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1976. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79851);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_bugtraq_id(71558);\n script_xref(name:\"RHSA\", value:\"2014:1976\");\n\n script_name(english:\"RHEL 7 : rpm (RHSA-2014:1976)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe RPM Package Manager (RPM) is a powerful command line driven\npackage management system capable of installing, uninstalling,\nverifying, querying, and updating software packages. Each software\npackage consists of an archive of files along with information about\nthe package such as its version, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic\nsignature only after the temporary file has been written completely.\nUnder certain conditions, the system interprets the unverified\ntemporary file contents and extracts commands from it. This could\nallow an attacker to modify signed RPM files in such a way that they\nwould execute code chosen by the attacker during package installation.\n(CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to\na stack-based buffer overflow, while parsing a crafted CPIO header in\nthe payload section of an RPM file. This could allow an attacker to\nmodify signed RPM files in such a way that they would execute code\nchosen by the attacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product\nSecurity.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-6435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1976\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rpm-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rpm-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-apidocs-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rpm-build-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rpm-build-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-build-libs-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-cron-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-debuginfo-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-devel-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rpm-libs-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rpm-python-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rpm-python-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rpm-sign-4.11.1-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rpm-sign-4.11.1-18.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-apidocs / rpm-build / rpm-build-libs / rpm-cron / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:58", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1039811", "https://bugzilla.redhat.com/show_bug.cgi?id=1168715", "http://www.nessus.org/u?95bd9fba"], "pluginID": "80065", "description": "- Add check against malicious CPIO file name size\n\n - Fix race condidition where unchecked data is exposed in the file system\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-12-17T00:00:00", "title": "Fedora 21 : rpm-4.12.0.1-4.fc21 (2014-16890)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-16890.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80065", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16890.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80065);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\");\n script_xref(name:\"FEDORA\", value:\"2014-16890\");\n\n script_name(english:\"Fedora 21 : rpm-4.12.0.1-4.fc21 (2014-16890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add check against malicious CPIO file name size\n\n - Fix race condidition where unchecked data is exposed\n in the file system\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1039811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1168715\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146308.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95bd9fba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"rpm-4.12.0.1-4.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:17", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1974.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-python-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-python", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-build-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm-build", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-build-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-build", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-devel-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-devel-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-4.8.0-38.el6_6.src.rpm", "packageName": "rpm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-devel-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-devel-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-build-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-build", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-apidocs-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-apidocs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-devel-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-apidocs-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-apidocs", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-apidocs-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-apidocs", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-apidocs-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm-apidocs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-python-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-python-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.10.2.3-36.el5_11", "packageFilename": "popt-1.10.2.3-36.el5_11.i386.rpm", "packageName": "popt", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.10.2.3-36.el5_11", "packageFilename": "popt-1.10.2.3-36.el5_11.i386.rpm", "packageName": "popt", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-build-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-build", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-libs-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-libs-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-libs-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-4.4.2.3-36.el5_11.src.rpm", "packageName": "rpm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-4.8.0-38.el6_6.i686.rpm", "packageName": "rpm", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-libs-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-libs-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-python-4.8.0-38.el6_6.x86_64.rpm", "packageName": "rpm-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-4.4.2.3-36.el5_11.i386.rpm", "packageName": "rpm", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.10.2.3-36.el5_11", "packageFilename": "popt-1.10.2.3-36.el5_11.x86_64.rpm", "packageName": "popt", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-cron-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-cron", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.8.0-38.el6_6", "packageFilename": "rpm-cron-4.8.0-38.el6_6.noarch.rpm", "packageName": "rpm-cron", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-libs-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "packageFilename": "rpm-devel-4.4.2.3-36.el5_11.x86_64.rpm", "packageName": "rpm-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1974\n\n\nThe RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020818.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020819.html\n\n**Affected packages:**\npopt\nrpm\nrpm-apidocs\nrpm-build\nrpm-cron\nrpm-devel\nrpm-libs\nrpm-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1974.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-12-09T20:01:37", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "popt, rpm security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435"], "modified": "2014-12-09T20:16:13", "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020818.html", "id": "CESA-2014:1974", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:06", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1976.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-4.11.1-18.el7_0.src.rpm", "packageName": "rpm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-sign-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-sign", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-libs-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-devel-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-devel-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-apidocs-4.11.1-18.el7_0.noarch.rpm", "packageName": "rpm-apidocs", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-build-libs-4.11.1-18.el7_0.i686.rpm", "packageName": "rpm-build-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-python-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-libs-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-cron-4.11.1-18.el7_0.noarch.rpm", "packageName": "rpm-cron", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-build-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "packageFilename": "rpm-build-4.11.1-18.el7_0.x86_64.rpm", "packageName": "rpm-build", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1976\n\n\nThe RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a\nstack-based buffer overflow, while parsing a crafted CPIO header in the\npayload section of an RPM file. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-December/020821.html\n\n**Affected packages:**\nrpm\nrpm-apidocs\nrpm-build\nrpm-build-libs\nrpm-cron\nrpm-devel\nrpm-libs\nrpm-python\nrpm-sign\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1976.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-12-10T12:49:42", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "rpm security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-10T12:49:42", "href": "http://lists.centos.org/pipermail/centos-announce/2014-December/020821.html", "id": "CESA-2014:1976", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "4.4.2.3-36.el5_11", "arch": "i386", "packageName": "rpm-debuginfo", "packageFilename": "rpm-debuginfo-4.4.2.3-36.el5_11.i386.rpm", "operator": "lt"}], "description": "The RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n", "reporter": "RedHat", "published": "2014-12-09T05:00:00", "type": "redhat", "title": "(RHSA-2014:1974) Important: rpm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:09", "id": "RHSA-2014:1974", "href": "https://access.redhat.com/errata/RHSA-2014:1974", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:34", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "4.4.2.3-34.el5_9", "arch": "ppc", "packageName": "rpm-debuginfo", "packageFilename": "rpm-debuginfo-4.4.2.3-34.el5_9.ppc.rpm", "operator": "lt"}], "description": "The RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against the RPM library must be restarted for this update to take\neffect.\n", "reporter": "RedHat", "published": "2014-12-09T05:00:00", "type": "redhat", "title": "(RHSA-2014:1975) Important: rpm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:20:21", "id": "RHSA-2014:1975", "href": "https://access.redhat.com/errata/RHSA-2014:1975", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:28", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.11.1-18.el7_0", "arch": "x86_64", "packageName": "rpm-debuginfo", "packageFilename": "rpm-debuginfo-4.11.1-18.el7_0.x86_64.rpm", "operator": "lt"}], "description": "The RPM Package Manager (RPM) is a powerful command line driven package\nmanagement system capable of installing, uninstalling, verifying, querying,\nand updating software packages. Each software package consists of an\narchive of files along with information about the package such as its\nversion, description, and other information.\n\nIt was found that RPM wrote file contents to the target installation\ndirectory under a temporary name, and verified its cryptographic signature\nonly after the temporary file has been written completely. Under certain\nconditions, the system interprets the unverified temporary file contents\nand extracts commands from it. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2013-6435)\n\nIt was found that RPM could encounter an integer overflow, leading to a\nstack-based buffer overflow, while parsing a crafted CPIO header in the\npayload section of an RPM file. This could allow an attacker to modify\nsigned RPM files in such a way that they would execute code chosen by the\nattacker during package installation. (CVE-2014-8118)\n\nThese issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll rpm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications linked against the RPM library must be restarted for this\nupdate to take effect.\n", "reporter": "RedHat", "published": "2014-12-09T05:00:00", "type": "redhat", "title": "(RHSA-2014:1976) Important: rpm security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:32:53", "id": "RHSA-2014:1976", "href": "https://access.redhat.com/errata/RHSA-2014:1976", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:47:50", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=892431", "https://bugzilla.suse.com/show_bug.cgi?id=906803", "https://bugzilla.suse.com/show_bug.cgi?id=908128", "https://bugzilla.suse.com/show_bug.cgi?id=911228"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-4.11.2-10.1.s390x.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debugsource-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-4.11.2-10.1.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-python-4.11.2-10.1.s390x.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-devel-4.11.2-10.1.s390x.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-32bit-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-32bit-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-build-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-build-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-build-4.11.2-10.1.s390x.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-python-debugsource-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-python-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-debugsource-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-debuginfo-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-debuginfo-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-devel-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-python-debuginfo-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-python-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-build-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-debugsource-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-debugsource-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-build-debuginfo-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-build-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-32bit-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-python-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debugsource-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-devel-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-build-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-build-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-32bit-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-debugsource-4.11.2-10.1.s390x.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-build-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-debugsource-4.11.2-10.1.s390x.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-build-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-python-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-python-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debugsource-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-4.11.2-10.1.x86_64.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-32bit-4.11.2-10.1.s390x.rpm", "packageName": "rpm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "x86_64", "packageFilename": "rpm-4.11.2-10.1.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "ppc64le", "packageFilename": "rpm-debugsource-4.11.2-10.1.ppc64le.rpm", "packageName": "rpm-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-debuginfo-4.11.2-10.1.s390x.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-python-debuginfo-4.11.2-10.1.s390x.rpm", "packageName": "rpm-python-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-debuginfo-4.11.2-10.1.s390x.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-python-debugsource-4.11.2-10.1.s390x.rpm", "packageName": "rpm-python-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-build-debuginfo-4.11.2-10.1.s390x.rpm", "packageName": "rpm-build-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "4.11.2-10.1", "arch": "s390x", "packageFilename": "rpm-debuginfo-32bit-4.11.2-10.1.s390x.rpm", "packageName": "rpm-debuginfo-32bit", "operator": "lt"}], "description": "This rpm update fixes the following security and non-security issues:\n\n - bnc#908128: Check for bad invalid name sizes (CVE-2014-8118)\n - bnc#906803: Create files with mode 0 (CVE-2013-6435)\n - bnc#892431: Honor --noglob in install mode\n - bnc#911228: Fix noglob patch, it broke files with space.\n\n", "edition": 1, "reporter": "Suse", "published": "2015-01-22T18:04:56", "title": "Security update for rpm (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2015-01-22T18:04:56", "id": "SUSE-SU-2015:0107-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00018.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:25:49", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=892431", "https://bugzilla.suse.com/show_bug.cgi?id=906803", "http://download.suse.com/patch/finder/?keywords=25800fa95867098c22bbab2dce9ea93b", "https://bugzilla.suse.com/show_bug.cgi?id=908128"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel", "packageFilename": "popt-devel-1.7-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-32bit", "packageFilename": "popt-32bit-1.7-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel", "packageFilename": "popt-devel-1.7-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel", "packageFilename": "popt-devel-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel", "packageFilename": "rpm-devel-4.4.2.3-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-x86", "packageFilename": "rpm-x86-4.4.2.3-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel", "packageFilename": "popt-devel-1.7-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel", "packageFilename": "rpm-devel-4.4.2.3-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-32bit", "packageFilename": "popt-32bit-1.7-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-32bit", "packageFilename": "popt-32bit-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel", "packageFilename": "popt-devel-1.7-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel-32bit", "packageFilename": "rpm-devel-32bit-4.4.2.3-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-32bit", "packageFilename": "popt-32bit-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel", "packageFilename": "rpm-devel-4.4.2.3-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-x86", "packageFilename": "popt-x86-1.7-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel", "packageFilename": "rpm-devel-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm", "packageFilename": "rpm-4.4.2.3-37.60.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-x86", "packageFilename": "rpm-x86-4.4.2.3-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-devel", "packageFilename": "rpm-devel-4.4.2.3-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt", "packageFilename": "popt-1.7-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-32bit", "packageFilename": "popt-32bit-1.7-37.60.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7-37.60.2", "packageName": "popt-devel-32bit", "packageFilename": "popt-devel-32bit-1.7-37.60.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.4.2.3-37.60.2", "packageName": "rpm-32bit", "packageFilename": "rpm-32bit-4.4.2.3-37.60.2.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "This rpm update fixes the following security and non security issues.\n\n * bnc#908128: check for bad invalid name sizes (CVE-2014-8118)\n * bnc#906803: create files with mode 0 (CVE-2013-6435)\n * bnc#892431: honor --noglob in install mode\n\n Security Issues:\n\n * CVE-2014-8118\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118</a>&gt;\n * CVE-2013-6435\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435</a>&gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2014-12-24T08:05:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for popt (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-24T08:05:00", "id": "SUSE-SU-2014:1697-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00030.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:34", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "4.10.0-5+deb7u2", "arch": "all", "packageFilename": "rpm_4.10.0-5+deb7u2_all.deb", "packageName": "rpm", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3129-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rpm\nCVE ID : CVE-2013-6435 CVE-2014-8118\n\nTwo vulnerabilities have been discovered in the RPM package manager.\n\nCVE-2013-6435\n\n Florian Weimer discovered a race condition in package signature\n validation.\n\nCVE-2014-8118\n\n Florian Weimer discovered an integer overflow in parsing CPIO headers\n which might result in the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.10.0-5+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.11.3-1.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.11.3-1.1.\n\nWe recommend that you upgrade your rpm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-01-15T21:21:05", "title": "[SECURITY] [DSA 3129-1] rpm security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:34", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2015-01-15T21:21:05", "id": "DEBIAN:DSA-3129-1:7ECC4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:54", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "librpm-dev_4.8.1-6+squeeze2_all.deb", "packageName": "librpm-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "rpm2cpio_4.8.1-6+squeeze2_all.deb", "packageName": "rpm2cpio", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "python-rpm_4.8.1-6+squeeze2_all.deb", "packageName": "python-rpm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "rpm-i18n_4.8.1-6+squeeze2_all.deb", "packageName": "rpm-i18n", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "librpmbuild1_4.8.1-6+squeeze2_all.deb", "packageName": "librpmbuild1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "librpm1_4.8.1-6+squeeze2_all.deb", "packageName": "librpm1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "librpmio1_4.8.1-6+squeeze2_all.deb", "packageName": "librpmio1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "librpm-dbg_4.8.1-6+squeeze2_all.deb", "packageName": "librpm-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "rpm_4.8.1-6+squeeze2_all.deb", "packageName": "rpm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "rpm-common_4.8.1-6+squeeze2_all.deb", "packageName": "rpm-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.8.1-6+squeeze2", "arch": "all", "packageFilename": "lsb-rpm_4.8.1-6+squeeze2_all.deb", "packageName": "lsb-rpm", "operator": "lt"}], "description": "Package : rpm\nVersion : 4.8.1-6+squeeze2\nCVE ID : CVE-2012-0060 CVE-2012-0061 CVE-2012-0815 CVE-2013-6435\n CVE-2014-8118\n\nSeveral vulnerabilities have been fixed in rpm:\n\nCVE-2014-8118\n\n Fix integer overflow which allowed remote attackers to execute arbitrary\n code.\n\nCVE-2013-6435\n\n Prevent remote attackers from executing arbitrary code via crafted\n RPM files.\n\nCVE-2012-0815\n\n Fix denial of service and possible code execution via negative value in\n region offset in crafted RPM files.\n\nCVE-2012-0060 and CVE-2012-0061\n\n Prevent denial of service (crash) and possibly execute arbitrary code\n execution via an invalid region tag in RPM files.\n\nWe recommend that you upgrade your rpm packages.\n", "edition": 1, "reporter": "Debian", "published": "2015-01-28T18:07:41", "title": "[SECURITY] [DLA 140-1] rpm security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:54", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0815", "CVE-2013-6435", "CVE-2014-8118", "CVE-2012-0061", "CVE-2012-0060"], "modified": "2015-01-28T18:07:41", "id": "DEBIAN:DLA-140-1:1E890", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201501/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:30", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8118", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-6435"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "4.11.2-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "4.9.1.1-1ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.11.1-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "rpm", "operator": "lt"}], "description": "Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435)\n\nFlorian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8118)", "edition": 3, "reporter": "Ubuntu", "published": "2015-01-19T00:00:00", "title": "RPM vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2015-01-19T00:00:00", "id": "USN-2479-1", "href": "https://usn.ubuntu.com/2479-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:26", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-libs-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-devel-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "noarch", "packageFilename": "rpm-apidocs-4.11.2-2.58.amzn1.noarch.rpm", "packageName": "rpm-apidocs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-build-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-sign-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-sign", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-debuginfo-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-sign-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-sign", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-libs-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "src", "packageFilename": "rpm-4.11.2-2.58.amzn1.src.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-python-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-python-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-python", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-build-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-build", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-devel-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "i686", "packageFilename": "rpm-build-libs-4.11.2-2.58.amzn1.i686.rpm", "packageName": "rpm-build-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-debuginfo-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "noarch", "packageFilename": "rpm-cron-4.11.2-2.58.amzn1.noarch.rpm", "packageName": "rpm-cron", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.11.2-2.58.amzn1", "arch": "x86_64", "packageFilename": "rpm-build-libs-4.11.2-2.58.amzn1.x86_64.rpm", "packageName": "rpm-build-libs", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. ([CVE-2014-8118 __](<https://access.redhat.com/security/cve/CVE-2014-8118>))\n\nIt was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Red Hat has published an [excellent analysis](<https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/>) of this issue. ([CVE-2013-6435 __](<https://access.redhat.com/security/cve/CVE-2013-6435>))\n\n \n**Affected Packages:** \n\n\nrpm\n\n \n**Issue Correction:** \nRun _yum update rpm_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n rpm-4.11.2-2.58.amzn1.i686 \n rpm-sign-4.11.2-2.58.amzn1.i686 \n rpm-build-libs-4.11.2-2.58.amzn1.i686 \n rpm-devel-4.11.2-2.58.amzn1.i686 \n rpm-python-4.11.2-2.58.amzn1.i686 \n rpm-debuginfo-4.11.2-2.58.amzn1.i686 \n rpm-build-4.11.2-2.58.amzn1.i686 \n rpm-libs-4.11.2-2.58.amzn1.i686 \n \n noarch: \n rpm-cron-4.11.2-2.58.amzn1.noarch \n rpm-apidocs-4.11.2-2.58.amzn1.noarch \n \n src: \n rpm-4.11.2-2.58.amzn1.src \n \n x86_64: \n rpm-devel-4.11.2-2.58.amzn1.x86_64 \n rpm-sign-4.11.2-2.58.amzn1.x86_64 \n rpm-build-libs-4.11.2-2.58.amzn1.x86_64 \n rpm-python-4.11.2-2.58.amzn1.x86_64 \n rpm-4.11.2-2.58.amzn1.x86_64 \n rpm-libs-4.11.2-2.58.amzn1.x86_64 \n rpm-debuginfo-4.11.2-2.58.amzn1.x86_64 \n rpm-build-4.11.2-2.58.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-12-10T13:48:00", "title": "Important: rpm", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:26", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-10T13:48:00", "id": "ALAS-2014-458", "href": "https://alas.aws.amazon.com/ALAS-2014-458.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:251\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : rpm\r\n Date : December 14, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated rpm packages fix security vulnerabilities:\r\n \r\n It was found that RPM wrote file contents to the target\r\n installation directory under a temporary name, and verified its\r\n cryptographic signature only after the temporary file has been\r\n written completely. Under certain conditions, the system interprets\r\n the unverified temporary file contents and extracts commands from\r\n it. This could allow an attacker to modify signed RPM files in such\r\n a way that they would execute code chosen by the attacker during\r\n package installation &#40;CVE-2013-6435&#41;.\r\n \r\n It was found that RPM could encounter an integer overflow, leading to\r\n a stack-based buffer overflow, while parsing a crafted CPIO header\r\n in the payload section of an RPM file. This could allow an attacker\r\n to modify signed RPM files in such a way that they would execute code\r\n chosen by the attacker during package installation &#40;CVE-2014-8118&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118\r\n http://advisories.mageia.org/MGASA-2014-0529.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n a2b2d9d2909cf81d190a13df97670ba3 mbs1/x86_64/lib64rpm2-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n 84c9572d43488466c5e07b8503a4b892 mbs1/x86_64/lib64rpmbuild2-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n 23ca8f963b80a7f5f26de5915e06979b mbs1/x86_64/lib64rpm-devel-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n a3221fbe0d934d06727b059d237582b8 mbs1/x86_64/lib64rpmsign2-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n 64fc861bb34b554cf50d4c00108982a8 mbs1/x86_64/python-rpm-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n 38131769a65f6fa06222152954e9bc2f mbs1/x86_64/rpm-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n a959f5e51e7ca88d54a7ab82fee2ba20 mbs1/x86_64/rpm-build-4.9.1.3-4.2.mbs1.x86_64.rpm\r\n 4a55d7b75d53ec1d0069a1ade08ec4d8 mbs1/x86_64/rpm-sign-4.9.1.3-4.2.mbs1.x86_64.rpm \r\n 4b56a7c90fa73abe1a00b401e896c350 mbs1/SRPMS/rpm-4.9.1.3-4.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFUjeblmqjQ0CJFipgRAlejAKDrrekZ1b1e+jZHDc1oajRNyw0fUgCg8npY\r\nnLtnCvuHC+Wfy2AdJ8QewIw=\r\n=h8FC\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-12-22T00:00:00", "title": "[ MDVSA-2014:251 ] rpm", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:56", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31536", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31536", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31536"], "description": "Integer oveflow, code execution.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-12-22T00:00:00", "title": "RPM security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "RPM", "version": "4.12", "operator": "eq"}], "cvelist": ["CVE-2013-6435", "CVE-2014-8118"], "modified": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14166", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14166", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2018-11-29T02:39:46", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2014-8118", "https://nvd.nist.gov/vuln/detail/CVE-2013-6435", "https://bugs.gentoo.org/show_bug.cgi?id=638636", "https://nvd.nist.gov/vuln/detail/CVE-2017-7501", "https://bugs.gentoo.org/show_bug.cgi?id=533740"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.14.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-arch/rpm", "operator": "lt"}], "description": "### Background\n\nThe Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. \n\n### Description\n\nMultiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing the user to process a specially crafted RPM file, could escalate privileges, execute arbitrary code, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RPM users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/rpm-4.14.1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-11-28T00:00:00", "title": "RPM: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": {"modified": "2018-11-29T02:39:46", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-6435", "CVE-2017-7501", "CVE-2014-8118"], "modified": "2018-11-28T00:00:00", "id": "GLSA-201811-22", "href": "https://security.gentoo.org/glsa/201811-22", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}