Vulners
Lucene search
MiracleLinux 4 : rpm-4.8.0-19.0.1.AXS4 (AXSA:2012-45:01)
| Reporter | Title | Published | Views | Family All 83 |
|---|---|---|---|---|
 | Medium: rpm | 31 Oct 201100:00 | – | amazon |
 | Amazon Linux AMI : rpm (ALAS-2011-14) | 4 Sep 201300:00 | – | nessus |
| CentOS 4 / 5 : rpm (CESA-2011:1349) | 4 Oct 201100:00 | – | nessus |
| Fedora 16 : rpm-4.9.1.2-1.fc16 (2011-13766) | 10 Oct 201100:00 | – | nessus |
| Fedora 15 : rpm-4.9.1.2-1.fc15 (2011-13785) | 12 Oct 201100:00 | – | nessus |
| GLSA-201206-26 : RPM: Multiple vulnerabilities | 25 Jun 201200:00 | – | nessus |
| Mandriva Linux Security Advisory : rpm (MDVSA-2011:143) | 6 Oct 201100:00 | – | nessus |
| NewStart CGSL CORE 5.04 / MAIN 5.04 : rpm Multiple Vulnerabilities (NS-SA-2020-0039) | 8 Sep 202000:00 | – | nessus |
| NewStart CGSL MAIN 6.06 : rpm Multiple Vulnerabilities (NS-SA-2025-0219) | 30 Sep 202500:00 | – | nessus |
| NewStart CGSL MAIN 6.06 (SP) : rpm Multiple Vulnerabilities (NS-SA-2026-0012) | 6 Mar 202600:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-45:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(284197);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");
script_cve_id("CVE-2011-3378");
script_name(english:"MiracleLinux 4 : rpm-4.8.0-19.0.1.AXS4 (AXSA:2012-45:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2012-45:01 advisory.
The RPM Package Manager (RPM) is a powerful command line driven package management system capable of
installing, uninstalling, verifying, querying, and updating software packages. Each software package
consists of an archive of files along with information about the package like its version, a description,
etc.
Security issues fixed with this release:
CVE-2011-3378
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service
(memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and
offsets that are not properly handled when a package is queried or installed, related to (1) the
regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Fixed bugs:
- Self-conflicts are now permitted: packages can be installed even if a conflict was addes against its
name.
- Added the xz support to the rpm2cpio.sh utility; it can now extract xz files.
- When installing a package containing the same files as an already installed package, the file with the
less preferred architecture are not overwritten silently anymore: only binaries can overwrite other
binaries, conflicting but non-identical files will trigger a message.
- Files listed in the spec file with the %defattr(-) directive did not keep the attributes they had in
the build root. This has been changed and they now keep those attibutes.
- Signing packages previously signed with the same key could cause the sigining process to abort. This
type of files are now skipped and the signing process continues as expected.
- Files with broken signature no longer make the librpm library crash.
Enhancement:
- Re-importing GPG keys does not make RPM fail any longer.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2534");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3378");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rpm-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rpm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rpm-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:rpm-python");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'rpm-4.8.0-19.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-4.8.0-19.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-build-4.8.0-19.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-build-4.8.0-19.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-devel-4.8.0-19.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-devel-4.8.0-19.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-libs-4.8.0-19.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-libs-4.8.0-19.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-python-4.8.0-19.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'rpm-python-4.8.0-19.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rpm / rpm-build / rpm-devel / rpm-libs / rpm-python');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2026 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 29.3
EPSS0.07655