CVE-2013-6435

HIGH

Description

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

References

http://advisories.mageia.org/MGASA-2014-0529.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://rhn.redhat.com/errata/RHSA-2014-1974.html

http://rhn.redhat.com/errata/RHSA-2014-1975.html

http://rhn.redhat.com/errata/RHSA-2014-1976.html

http://www.debian.org/security/2015/dsa-3129

http://www.mandriva.com/security/advisories?name=MDVSA-2014:251

http://www.mandriva.com/security/advisories?name=MDVSA-2015:056

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/71558

https://bugzilla.redhat.com/show_bug.cgi?id=1039811

https://security.gentoo.org/glsa/201811-22

https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/

Details

Source: MITRE

Published: 2014-12-16

Updated: 2018-11-29

Type: CWE-74

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* versions up to 4.11.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
119276	GLSA-201811-22 : RPM: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
91753	OracleVM 3.2 : rpm (OVMSA-2016-0077)	Nessus	OracleVM Local Security Checks	high
88435	F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)	Nessus	F5 Networks Local Security Checks	high
82123	Debian DLA-140-1 : rpm security update	Nessus	Debian Local Security Checks	critical
81939	Mandriva Linux Security Advisory : rpm (MDVSA-2015:056)	Nessus	Mandriva Local Security Checks	critical
80854	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : rpm vulnerabilities (USN-2479-1)	Nessus	Ubuntu Local Security Checks	critical
80573	Debian DSA-3129-1 : rpm - security update	Nessus	Debian Local Security Checks	critical
80288	Fedora 20 : rpm-4.11.3-2.fc20 (2014-16838)	Nessus	Fedora Local Security Checks	critical
80276	openSUSE Security Update : python3-rpm / rpm / rpm-python (openSUSE-SU-2014:1716-1)	Nessus	SuSE Local Security Checks	critical
80252	SuSE 11.3 Security Update : popt (SAT Patch Number 10097)	Nessus	SuSE Local Security Checks	critical
80065	Fedora 21 : rpm-4.12.0.1-4.fc21 (2014-16890)	Nessus	Fedora Local Security Checks	critical
80016	Scientific Linux Security Update : rpm on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	critical
80015	Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
80008	OracleVM 3.3 : rpm (OVMSA-2014-0083)	Nessus	OracleVM Local Security Checks	high
79996	Mandriva Linux Security Advisory : rpm (MDVSA-2014:251)	Nessus	Mandriva Local Security Checks	critical
79877	CentOS 7 : rpm (CESA-2014:1976)	Nessus	CentOS Local Security Checks	critical
79851	RHEL 7 : rpm (RHSA-2014:1976)	Nessus	Red Hat Local Security Checks	critical
79850	RHEL 5 / 6 : rpm (RHSA-2014:1975)	Nessus	Red Hat Local Security Checks	high
79849	RHEL 5 / 6 : rpm (RHSA-2014:1974)	Nessus	Red Hat Local Security Checks	high
79847	Oracle Linux 7 : rpm (ELSA-2014-1976)	Nessus	Oracle Linux Local Security Checks	critical
79846	Oracle Linux 5 / 6 : rpm (ELSA-2014-1974)	Nessus	Oracle Linux Local Security Checks	high
79843	CentOS 5 / 6 : rpm (CESA-2014:1974)	Nessus	CentOS Local Security Checks	high
79842	Amazon Linux AMI : rpm (ALAS-2014-458)	Nessus	Amazon Linux Local Security Checks	critical