Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-6088
Last Modified 02 Feb 2013 12:10:41
Published 18 Jan 2013 06:48:41
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6088

Summary

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

Vulnerable Systems

Application

  • Rpm 4.10.0

  • Rpm 4.10.1


References

CONFIRM - http://rpm.org/wiki/Releases/4.10.2

CONFIRM - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43

MISC - https://bugzilla.novell.com/show_bug.cgi?id=796375

XF - rpm-security-bypass(80953)

BID - 57138

MLIST - [oss-security] 20130103 Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious) rpm packages

SECUNIA - 51706

UBUNTU - USN-1694-1


Last Updated: 27 May 2016 11:01:42