Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-0060
Last Modified: 03 May 2013 11:14:56
Published: 04 Jun 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0060

Summary

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

Vulnerable Systems

Application

  • Rpm 1.2

  • Rpm 1.3

  • Rpm 1.3.1

  • Rpm 1.4

  • Rpm 1.4.1

  • Rpm 1.4.2

  • Rpm 1.4.2/a

  • Rpm 1.4.3

  • Rpm 1.4.4

  • Rpm 1.4.5

  • Rpm 1.4.6

  • Rpm 1.4.7

  • Rpm 2.0

  • Rpm 2.0.1

  • Rpm 2.0.10

  • Rpm 2.0.11

  • Rpm 2.0.2

  • Rpm 2.0.3

  • Rpm 2.0.4

  • Rpm 2.0.5

  • Rpm 2.0.6

  • Rpm 2.0.7

  • Rpm 2.0.8

  • Rpm 2.0.9

  • Rpm 2.1

  • Rpm 2.1.1

  • Rpm 2.1.2

  • Rpm 2.2

  • Rpm 2.2.1

  • Rpm 2.2.10

  • Rpm 2.2.11

  • Rpm 2.2.2

  • Rpm 2.2.3

  • Rpm 2.2.3.10

  • Rpm 2.2.3.11

  • Rpm 2.2.4

  • Rpm 2.2.5

  • Rpm 2.2.6

  • Rpm 2.2.7

  • Rpm 2.2.8

  • Rpm 2.2.9

  • Rpm 2.3

  • Rpm 2.3.1

  • Rpm 2.3.2

  • Rpm 2.3.3

  • Rpm 2.3.4

  • Rpm 2.3.5

  • Rpm 2.3.6

  • Rpm 2.3.7

  • Rpm 2.3.8

  • Rpm 2.3.9

  • Rpm 2.4.1

  • Rpm 2.4.11

  • Rpm 2.4.12

  • Rpm 2.4.2

  • Rpm 2.4.3

  • Rpm 2.4.4

  • Rpm 2.4.5

  • Rpm 2.4.6

  • Rpm 2.4.8

  • Rpm 2.4.9

  • Rpm 2.5

  • Rpm 2.5.1

  • Rpm 2.5.2

  • Rpm 2.5.3

  • Rpm 2.5.4

  • Rpm 2.5.5

  • Rpm 2.5.6

  • Rpm 2.6.7

  • Rpm 3.0

  • Rpm 3.0.1

  • Rpm 3.0.2

  • Rpm 3.0.3

  • Rpm 3.0.4

  • Rpm 3.0.5

  • Rpm 3.0.6

  • Rpm 4.0.

  • Rpm 4.0.1

  • Rpm 4.0.2

  • Rpm 4.0.3

  • Rpm 4.0.4

  • Rpm 4.1

  • Rpm 4.3.3

  • Rpm 4.4.2.1

  • Rpm 4.4.2.2

  • Rpm 4.4.2.3

  • Rpm 4.5.90

  • Rpm 4.6.0

  • Rpm 4.6.1

  • Rpm 4.7.0

  • Rpm 4.7.1

  • Rpm 4.7.2

  • Rpm 4.8.0

  • Rpm 4.8.1

  • Rpm 4.9.0

  • Rpm 4.9.1

  • Rpm 4.9.1.1

  • Rpm 4.9.1.2


References

SUSE - openSUSE-SU-2012:0589

SUSE - openSUSE-SU-2012:0588

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=744858

BID - 52865

OSVDB - 81010

SECUNIA - 49110

SECUNIA - 48716

SECUNIA - 48651

CONFIRM - http://rpm.org/wiki/Releases/4.9.1.3

CONFIRM - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29

CONFIRM - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190

REDHAT - RHSA-2012:0451

FEDORA - FEDORA-2012-5421

FEDORA - FEDORA-2012-5420

FEDORA - FEDORA-2012-5298

XF - rpm-loadsigverify-code-execution(74582)

SECTRACK - 1026882

UBUNTU - USN-1695-1

REDHAT - RHSA-2012:0531

Related Patches

Red Hat 2012:0451-01 RHSA Important: rpm security update for RHEL 5 x86

Red Hat 2012:0451-01 RHSA Important: rpm security update for RHEL 5 x86_64

Novell SUSE 2012:6186 popt security update for SLE 11 SP1 i586

Novell SUSE 2012:6186 popt security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6191 popt security update for SLE 11 SP2 i586

Novell SUSE 2012:6191 popt security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8093 popt security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8184 popt security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:47:11