CVE-2013-6435

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

References

http://advisories.mageia.org/MGASA-2014-0529.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://rhn.redhat.com/errata/RHSA-2014-1974.html

http://rhn.redhat.com/errata/RHSA-2014-1975.html

http://rhn.redhat.com/errata/RHSA-2014-1976.html

http://www.debian.org/security/2015/dsa-3129

http://www.mandriva.com/security/advisories?name=MDVSA-2014:251

http://www.mandriva.com/security/advisories?name=MDVSA-2015:056

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/71558

https://bugzilla.redhat.com/show_bug.cgi?id=1039811

https://security.gentoo.org/glsa/201811-22

https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/

Details

Source: MITRE

Published: 2014-12-16

Updated: 2018-11-29

Type: CWE-74

Risk Information

CVSS v2

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:4.10.2:*:*:*:*:*:*:*

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* versions up to 4.11.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
119276GLSA-201811-22 : RPM: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
91753OracleVM 3.2 : rpm (OVMSA-2016-0077)NessusOracleVM Local Security Checks
high
88435F5 Networks BIG-IP : Linux RPM vulnerability (SOL16383)NessusF5 Networks Local Security Checks
high
82123Debian DLA-140-1 : rpm security updateNessusDebian Local Security Checks
critical
81939Mandriva Linux Security Advisory : rpm (MDVSA-2015:056)NessusMandriva Local Security Checks
critical
80854Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : rpm vulnerabilities (USN-2479-1)NessusUbuntu Local Security Checks
critical
80573Debian DSA-3129-1 : rpm - security updateNessusDebian Local Security Checks
critical
80288Fedora 20 : rpm-4.11.3-2.fc20 (2014-16838)NessusFedora Local Security Checks
critical
80276openSUSE Security Update : python3-rpm / rpm / rpm-python (openSUSE-SU-2014:1716-1)NessusSuSE Local Security Checks
critical
80252SuSE 11.3 Security Update : popt (SAT Patch Number 10097)NessusSuSE Local Security Checks
critical
80065Fedora 21 : rpm-4.12.0.1-4.fc21 (2014-16890)NessusFedora Local Security Checks
critical
80016Scientific Linux Security Update : rpm on SL7.x x86_64 (20141209)NessusScientific Linux Local Security Checks
critical
80015Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64 (20141209)NessusScientific Linux Local Security Checks
high
80008OracleVM 3.3 : rpm (OVMSA-2014-0083)NessusOracleVM Local Security Checks
high
79996Mandriva Linux Security Advisory : rpm (MDVSA-2014:251)NessusMandriva Local Security Checks
critical
79877CentOS 7 : rpm (CESA-2014:1976)NessusCentOS Local Security Checks
critical
79851RHEL 7 : rpm (RHSA-2014:1976)NessusRed Hat Local Security Checks
critical
79850RHEL 5 / 6 : rpm (RHSA-2014:1975)NessusRed Hat Local Security Checks
high
79849RHEL 5 / 6 : rpm (RHSA-2014:1974)NessusRed Hat Local Security Checks
high
79847Oracle Linux 7 : rpm (ELSA-2014-1976)NessusOracle Linux Local Security Checks
critical
79846Oracle Linux 5 / 6 : rpm (ELSA-2014-1974)NessusOracle Linux Local Security Checks
high
79843CentOS 5 / 6 : rpm (CESA-2014:1974)NessusCentOS Local Security Checks
high
79842Amazon Linux AMI : rpm (ALAS-2014-458)NessusAmazon Linux Local Security Checks
critical