CVE-2011-3378

HIGH

Description

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f

http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656

http://rpm.org/wiki/Releases/4.9.1.2#Security

http://www.mandriva.com/security/advisories?name=MDVSA-2011:143

http://www.openwall.com/lists/oss-security/2011/09/27/3

http://www.redhat.com/support/errata/RHSA-2011-1349.html

http://www.ubuntu.com/usn/USN-1695-1

https://bugzilla.redhat.com/show_bug.cgi?id=741606

https://bugzilla.redhat.com/show_bug.cgi?id=741612

Details

Source: MITRE

Published: 2011-12-24

Updated: 2016-12-08

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* versions up to 4.9.1.1 (inclusive)

Tenable Plugins

View all (18 total)

ID	Name	Product	Family	Severity
91753	OracleVM 3.2 : rpm (OVMSA-2016-0077)	Nessus	OracleVM Local Security Checks	high
89105	VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)	Nessus	Misc.	high
76010	openSUSE Security Update : rpm (openSUSE-SU-2011:1203-1)	Nessus	SuSE Local Security Checks	high
75726	openSUSE Security Update : rpm (openSUSE-SU-2011:1203-1)	Nessus	SuSE Local Security Checks	high
69573	Amazon Linux AMI : rpm (ALAS-2011-14)	Nessus	Amazon Linux Local Security Checks	high
68363	Oracle Linux 4 / 5 / 6 : rpm (ELSA-2011-1349)	Nessus	Oracle Linux Local Security Checks	high
63612	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : rpm vulnerabilities (USN-1695-1)	Nessus	Ubuntu Local Security Checks	high
61147	Scientific Linux Security Update : rpm on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59679	GLSA-201206-26 : RPM: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
57749	VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console	Nessus	VMware ESX Local Security Checks	high
57241	SuSE 10 Security Update : popt (ZYPP Patch Number 7792)	Nessus	SuSE Local Security Checks	high
57128	SuSE 11.1 Security Update : popt (SAT Patch Number 5256)	Nessus	SuSE Local Security Checks	high
56702	SuSE 10 Security Update : popt (ZYPP Patch Number 7793)	Nessus	SuSE Local Security Checks	high
56457	Fedora 15 : rpm-4.9.1.2-1.fc15 (2011-13785)	Nessus	Fedora Local Security Checks	high
56424	Fedora 16 : rpm-4.9.1.2-1.fc16 (2011-13766)	Nessus	Fedora Local Security Checks	high
56403	Mandriva Linux Security Advisory : rpm (MDVSA-2011:143)	Nessus	Mandriva Local Security Checks	high
56383	RHEL 4 / 5 / 6 : rpm (RHSA-2011:1349)	Nessus	Red Hat Local Security Checks	high
56380	CentOS 4 / 5 : rpm (CESA-2011:1349)	Nessus	CentOS Local Security Checks	high