Synopsis
The remote NewStart CGSL host is affected by multiple vulnerabilities.
Description
The remote NewStart CGSL host, running version MAIN 6.06, has rpm packages installed that are affected by multiple vulnerabilities:
- Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. (CVE-2014-8118)
- Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. (CVE-2013-6435)
- RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. (CVE-2011-3378)
- RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. (CVE-2012-0060)
- The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. (CVE-2012-0061)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL rpm packages. Note that updated packages may not be available yet. Please contact ZTE for more information.
Plugin Details
File Name: newstart_cgsl_NS-SA-2025-0219_rpm.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:zte:cgsl_main:rpm-plugin-selinux, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:python3-rpm, p-cpe:/a:zte:cgsl_main:rpm-build-libs, p-cpe:/a:zte:cgsl_main:rpm, p-cpe:/a:zte:cgsl_main:rpm-sign, p-cpe:/a:zte:cgsl_main:rpm-libs
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 9/30/2025
Vulnerability Publication Date: 9/27/2011