Описание
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 5.6 | rpm | Affected | ||
| Red Hat Enterprise Linux 5 | rpm | Fixed | RHSA-2014:1974 | 09.12.2014 |
| Red Hat Enterprise Linux 5.6 Long Life | rpm | Fixed | RHSA-2014:1975 | 09.12.2014 |
| Red Hat Enterprise Linux 5.9 Extended Update Support | rpm | Fixed | RHSA-2014:1975 | 09.12.2014 |
| Red Hat Enterprise Linux 6 | rpm | Fixed | RHSA-2014:1974 | 09.12.2014 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | rpm | Fixed | RHSA-2014:1975 | 09.12.2014 |
| Red Hat Enterprise Linux 6.4 Extended Update Support | rpm | Fixed | RHSA-2014:1975 | 09.12.2014 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | rpm | Fixed | RHSA-2014:1975 | 09.12.2014 |
| Red Hat Enterprise Linux 7 | rpm | Fixed | RHSA-2014:1976 | 09.12.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS2
Связанные уязвимости
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ...
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
EPSS
7.6 High
CVSS2