exploitDog

CVE-2012-0060

Опубликовано: 03 апр. 2012

Источник: redhat

CVSS2: 7.6

Описание

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux Extended Update Support 5.3	rpm	Affected
Red Hat Enterprise Linux 3 Extended Lifecycle Support	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 4 Extended Lifecycle Support	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 5	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 5.3 Long Life	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 5.6 EUS - Server Only	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 6	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 6.0 EUS - Server Only	rpm	Fixed	RHSA-2012:0451	03.04.2012
Red Hat Enterprise Linux 6.1 EUS - Server Only	rpm	Fixed	RHSA-2012:0451	03.04.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-228->CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=744858rpm: insufficient validation of region tags

7.6 High

CVSS2

Связанные уязвимости

CVE-2012-0060

ubuntu

больше 13 лет назад

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

CVE-2012-0060

nvd

больше 13 лет назад

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

CVE-2012-0060

debian

больше 13 лет назад

RPM before 4.9.1.3 does not properly validate region tags, which allow ...

GHSA-j6wj-cqmg-hvcm

github

почти 4 года назад

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

ELSA-2012-0451

oracle-oval

почти 14 лет назад

ELSA-2012-0451: rpm security update (IMPORTANT)

7.6 High

CVSS2