Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.6
CVE Id CVE-2013-6435
Last Modified 28 Sep 2015 08:26:18
Published 16 Dec 2014 01:59:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-6435

Summary

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

Application

  • Rpm 1.2

  • Rpm 1.3

  • Rpm 1.3.1

  • Rpm 1.4

  • Rpm 1.4.1

  • Rpm 1.4.2

  • Rpm 1.4.2/a

  • Rpm 1.4.3

  • Rpm 1.4.4

  • Rpm 1.4.5

  • Rpm 1.4.6

  • Rpm 1.4.7

  • Rpm 2.0

  • Rpm 2.0.1

  • Rpm 2.0.10

  • Rpm 2.0.11

  • Rpm 2.0.2

  • Rpm 2.0.3

  • Rpm 2.0.4

  • Rpm 2.0.5

  • Rpm 2.0.6

  • Rpm 2.0.7

  • Rpm 2.0.8

  • Rpm 2.0.9

  • Rpm 2.1

  • Rpm 2.1.1

  • Rpm 2.1.2

  • Rpm 2.2

  • Rpm 2.2.1

  • Rpm 2.2.10

  • Rpm 2.2.11

  • Rpm 2.2.2

  • Rpm 2.2.3

  • Rpm 2.2.3.10

  • Rpm 2.2.3.11

  • Rpm 2.2.4

  • Rpm 2.2.5

  • Rpm 2.2.6

  • Rpm 2.2.7

  • Rpm 2.2.8

  • Rpm 2.2.9

  • Rpm 2.3

  • Rpm 2.3.1

  • Rpm 2.3.2

  • Rpm 2.3.3

  • Rpm 2.3.4

  • Rpm 2.3.5

  • Rpm 2.3.6

  • Rpm 2.3.7

  • Rpm 2.3.8

  • Rpm 2.3.9

  • Rpm 2.4.1

  • Rpm 2.4.11

  • Rpm 2.4.12

  • Rpm 2.4.2

  • Rpm 2.4.3

  • Rpm 2.4.4

  • Rpm 2.4.5

  • Rpm 2.4.6

  • Rpm 2.4.8

  • Rpm 2.4.9

  • Rpm 2.5

  • Rpm 2.5.1

  • Rpm 2.5.2

  • Rpm 2.5.3

  • Rpm 2.5.4

  • Rpm 2.5.5

  • Rpm 2.5.6

  • Rpm 2.6.7

  • Rpm 3.0

  • Rpm 3.0.1

  • Rpm 3.0.2

  • Rpm 3.0.3

  • Rpm 3.0.4

  • Rpm 3.0.5

  • Rpm 3.0.6

  • Rpm 4.0.

  • Rpm 4.0.1

  • Rpm 4.0.2

  • Rpm 4.0.3

  • Rpm 4.0.4

  • Rpm 4.1

  • Rpm 4.10.0

  • Rpm 4.10.1

  • Rpm 4.10.2

  • Rpm 4.11.1

  • Rpm 4.3.3

  • Rpm 4.4.2.1

  • Rpm 4.4.2.2

  • Rpm 4.4.2.3

  • Rpm 4.5.90

  • Rpm 4.6.0

  • Rpm 4.6.1

  • Rpm 4.7.0

  • Rpm 4.7.1

  • Rpm 4.7.2

  • Rpm 4.8.0

  • Rpm 4.8.1

  • Rpm 4.9.0

  • Rpm 4.9.1

  • Rpm 4.9.1.1

  • Rpm 4.9.1.2


References

CONFIRM - https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1039811

REDHAT - RHSA-2014:1976

REDHAT - RHSA-2014:1975

REDHAT - RHSA-2014:1974

DEBIAN - DSA-3129

MANDRIVA - MDVSA-2015:056

MANDRIVA - MDVSA-2014:251

CONFIRM - http://advisories.mageia.org/MGASA-2014-0529.html


Last Updated: 27 May 2016 11:07:18