Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Weakness
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rpm | Rpm | * | 4.11.1 (including) |
| Rpm | Rpm | 1.2 (including) | 1.2 (including) |
| Rpm | Rpm | 1.3 (including) | 1.3 (including) |
| Rpm | Rpm | 1.3.1 (including) | 1.3.1 (including) |
| Rpm | Rpm | 1.4 (including) | 1.4 (including) |
| Rpm | Rpm | 1.4.1 (including) | 1.4.1 (including) |
| Rpm | Rpm | 1.4.2 (including) | 1.4.2 (including) |
| Rpm | Rpm | 1.4.2/a (including) | 1.4.2/a (including) |
| Rpm | Rpm | 1.4.3 (including) | 1.4.3 (including) |
| Rpm | Rpm | 1.4.4 (including) | 1.4.4 (including) |
| Rpm | Rpm | 1.4.5 (including) | 1.4.5 (including) |
| Rpm | Rpm | 1.4.6 (including) | 1.4.6 (including) |
| Rpm | Rpm | 1.4.7 (including) | 1.4.7 (including) |
| Rpm | Rpm | 2.0 (including) | 2.0 (including) |
| Rpm | Rpm | 2.0.1 (including) | 2.0.1 (including) |
| Rpm | Rpm | 2.0.2 (including) | 2.0.2 (including) |
| Rpm | Rpm | 2.0.3 (including) | 2.0.3 (including) |
| Rpm | Rpm | 2.0.4 (including) | 2.0.4 (including) |
| Rpm | Rpm | 2.0.5 (including) | 2.0.5 (including) |
| Rpm | Rpm | 2.0.6 (including) | 2.0.6 (including) |
| Rpm | Rpm | 2.0.7 (including) | 2.0.7 (including) |
| Rpm | Rpm | 2.0.8 (including) | 2.0.8 (including) |
| Rpm | Rpm | 2.0.9 (including) | 2.0.9 (including) |
| Rpm | Rpm | 2.0.10 (including) | 2.0.10 (including) |
| Rpm | Rpm | 2.0.11 (including) | 2.0.11 (including) |
| Rpm | Rpm | 2.1 (including) | 2.1 (including) |
| Rpm | Rpm | 2.1.1 (including) | 2.1.1 (including) |
| Rpm | Rpm | 2.1.2 (including) | 2.1.2 (including) |
| Rpm | Rpm | 2.2 (including) | 2.2 (including) |
| Rpm | Rpm | 2.2.1 (including) | 2.2.1 (including) |
| Rpm | Rpm | 2.2.2 (including) | 2.2.2 (including) |
| Rpm | Rpm | 2.2.3 (including) | 2.2.3 (including) |
| Rpm | Rpm | 2.2.3.10 (including) | 2.2.3.10 (including) |
| Rpm | Rpm | 2.2.3.11 (including) | 2.2.3.11 (including) |
| Rpm | Rpm | 2.2.4 (including) | 2.2.4 (including) |
| Rpm | Rpm | 2.2.5 (including) | 2.2.5 (including) |
| Rpm | Rpm | 2.2.6 (including) | 2.2.6 (including) |
| Rpm | Rpm | 2.2.7 (including) | 2.2.7 (including) |
| Rpm | Rpm | 2.2.8 (including) | 2.2.8 (including) |
| Rpm | Rpm | 2.2.9 (including) | 2.2.9 (including) |
| Rpm | Rpm | 2.2.10 (including) | 2.2.10 (including) |
| Rpm | Rpm | 2.2.11 (including) | 2.2.11 (including) |
| Rpm | Rpm | 2.3 (including) | 2.3 (including) |
| Rpm | Rpm | 2.3.1 (including) | 2.3.1 (including) |
| Rpm | Rpm | 2.3.2 (including) | 2.3.2 (including) |
| Rpm | Rpm | 2.3.3 (including) | 2.3.3 (including) |
| Rpm | Rpm | 2.3.4 (including) | 2.3.4 (including) |
| Rpm | Rpm | 2.3.5 (including) | 2.3.5 (including) |
| Rpm | Rpm | 2.3.6 (including) | 2.3.6 (including) |
| Rpm | Rpm | 2.3.7 (including) | 2.3.7 (including) |
| Rpm | Rpm | 2.3.8 (including) | 2.3.8 (including) |
| Rpm | Rpm | 2.3.9 (including) | 2.3.9 (including) |
| Rpm | Rpm | 2.4.1 (including) | 2.4.1 (including) |
| Rpm | Rpm | 2.4.2 (including) | 2.4.2 (including) |
| Rpm | Rpm | 2.4.3 (including) | 2.4.3 (including) |
| Rpm | Rpm | 2.4.4 (including) | 2.4.4 (including) |
| Rpm | Rpm | 2.4.5 (including) | 2.4.5 (including) |
| Rpm | Rpm | 2.4.6 (including) | 2.4.6 (including) |
| Rpm | Rpm | 2.4.8 (including) | 2.4.8 (including) |
| Rpm | Rpm | 2.4.9 (including) | 2.4.9 (including) |
| Rpm | Rpm | 2.4.11 (including) | 2.4.11 (including) |
| Rpm | Rpm | 2.4.12 (including) | 2.4.12 (including) |
| Rpm | Rpm | 2.5 (including) | 2.5 (including) |
| Rpm | Rpm | 2.5.1 (including) | 2.5.1 (including) |
| Rpm | Rpm | 2.5.2 (including) | 2.5.2 (including) |
| Rpm | Rpm | 2.5.3 (including) | 2.5.3 (including) |
| Rpm | Rpm | 2.5.4 (including) | 2.5.4 (including) |
| Rpm | Rpm | 2.5.5 (including) | 2.5.5 (including) |
| Rpm | Rpm | 2.5.6 (including) | 2.5.6 (including) |
| Rpm | Rpm | 2.6.7 (including) | 2.6.7 (including) |
| Rpm | Rpm | 3.0 (including) | 3.0 (including) |
| Rpm | Rpm | 3.0.1 (including) | 3.0.1 (including) |
| Rpm | Rpm | 3.0.2 (including) | 3.0.2 (including) |
| Rpm | Rpm | 3.0.3 (including) | 3.0.3 (including) |
| Rpm | Rpm | 3.0.4 (including) | 3.0.4 (including) |
| Rpm | Rpm | 3.0.5 (including) | 3.0.5 (including) |
| Rpm | Rpm | 3.0.6 (including) | 3.0.6 (including) |
| Rpm | Rpm | 4.0. (including) | 4.0. (including) |
| Rpm | Rpm | 4.0.1 (including) | 4.0.1 (including) |
| Rpm | Rpm | 4.0.2 (including) | 4.0.2 (including) |
| Rpm | Rpm | 4.0.3 (including) | 4.0.3 (including) |
| Rpm | Rpm | 4.0.4 (including) | 4.0.4 (including) |
| Rpm | Rpm | 4.1 (including) | 4.1 (including) |
| Rpm | Rpm | 4.3.3 (including) | 4.3.3 (including) |
| Rpm | Rpm | 4.4.2.1 (including) | 4.4.2.1 (including) |
| Rpm | Rpm | 4.4.2.2 (including) | 4.4.2.2 (including) |
| Rpm | Rpm | 4.4.2.3 (including) | 4.4.2.3 (including) |
| Rpm | Rpm | 4.5.90 (including) | 4.5.90 (including) |
| Rpm | Rpm | 4.6.0 (including) | 4.6.0 (including) |
| Rpm | Rpm | 4.6.0-rc1 (including) | 4.6.0-rc1 (including) |
| Rpm | Rpm | 4.6.0-rc2 (including) | 4.6.0-rc2 (including) |
| Rpm | Rpm | 4.6.0-rc3 (including) | 4.6.0-rc3 (including) |
| Rpm | Rpm | 4.6.0-rc4 (including) | 4.6.0-rc4 (including) |
| Rpm | Rpm | 4.6.1 (including) | 4.6.1 (including) |
| Rpm | Rpm | 4.7.0 (including) | 4.7.0 (including) |
| Rpm | Rpm | 4.7.1 (including) | 4.7.1 (including) |
| Rpm | Rpm | 4.7.2 (including) | 4.7.2 (including) |
| Rpm | Rpm | 4.8.0 (including) | 4.8.0 (including) |
| Rpm | Rpm | 4.8.1 (including) | 4.8.1 (including) |
| Rpm | Rpm | 4.9.0 (including) | 4.9.0 (including) |
| Rpm | Rpm | 4.9.0-alpha (including) | 4.9.0-alpha (including) |
| Rpm | Rpm | 4.9.0-beta1 (including) | 4.9.0-beta1 (including) |
| Rpm | Rpm | 4.9.0-rc1 (including) | 4.9.0-rc1 (including) |
| Rpm | Rpm | 4.9.1 (including) | 4.9.1 (including) |
| Rpm | Rpm | 4.9.1.1 (including) | 4.9.1.1 (including) |
| Rpm | Rpm | 4.9.1.2 (including) | 4.9.1.2 (including) |
| Rpm | Rpm | 4.10.0 (including) | 4.10.0 (including) |
| Rpm | Rpm | 4.10.1 (including) | 4.10.1 (including) |
| Rpm | Rpm | 4.10.2 (including) | 4.10.2 (including) |
| Red Hat Enterprise Linux 5 | RedHat | rpm-0:4.4.2.3-36.el5_11 | * |
| Red Hat Enterprise Linux 5.6 Long Life | RedHat | rpm-0:4.4.2.3-24.el5_6 | * |
| Red Hat Enterprise Linux 5.9 Extended Update Support | RedHat | rpm-0:4.4.2.3-34.el5_9 | * |
| Red Hat Enterprise Linux 6 | RedHat | rpm-0:4.8.0-38.el6_6 | * |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | RedHat | rpm-0:4.8.0-20.el6_2.1 | * |
| Red Hat Enterprise Linux 6.4 Extended Update Support | RedHat | rpm-0:4.8.0-33.el6_4 | * |
| Red Hat Enterprise Linux 6.5 Extended Update Support | RedHat | rpm-0:4.8.0-38.el6_5 | * |
| Red Hat Enterprise Linux 7 | RedHat | rpm-0:4.11.1-18.el7_0 | * |
| Rpm | Ubuntu | esm-infra-legacy/trusty | * |
| Rpm | Ubuntu | lucid | * |
| Rpm | Ubuntu | precise | * |
| Rpm | Ubuntu | trusty | * |
| Rpm | Ubuntu | trusty/esm | * |
| Rpm | Ubuntu | upstream | * |
| Rpm | Ubuntu | utopic | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/10.html
- https://cwe.mitre.org/data/definitions/101.html
- https://cwe.mitre.org/data/definitions/105.html
- https://cwe.mitre.org/data/definitions/108.html
- https://cwe.mitre.org/data/definitions/120.html
- https://cwe.mitre.org/data/definitions/13.html
- https://cwe.mitre.org/data/definitions/135.html
- https://cwe.mitre.org/data/definitions/14.html
- https://cwe.mitre.org/data/definitions/24.html
- https://cwe.mitre.org/data/definitions/250.html
- https://cwe.mitre.org/data/definitions/267.html
- https://cwe.mitre.org/data/definitions/273.html
- https://cwe.mitre.org/data/definitions/28.html
- https://cwe.mitre.org/data/definitions/3.html
- https://cwe.mitre.org/data/definitions/34.html
- https://cwe.mitre.org/data/definitions/42.html
- https://cwe.mitre.org/data/definitions/43.html
- https://cwe.mitre.org/data/definitions/45.html
- https://cwe.mitre.org/data/definitions/46.html
- https://cwe.mitre.org/data/definitions/47.html
- https://cwe.mitre.org/data/definitions/51.html
- https://cwe.mitre.org/data/definitions/52.html
- https://cwe.mitre.org/data/definitions/53.html
- https://cwe.mitre.org/data/definitions/6.html
- https://cwe.mitre.org/data/definitions/64.html
- https://cwe.mitre.org/data/definitions/67.html
- https://cwe.mitre.org/data/definitions/7.html
- https://cwe.mitre.org/data/definitions/71.html
- https://cwe.mitre.org/data/definitions/72.html
- https://cwe.mitre.org/data/definitions/76.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cwe.mitre.org/data/definitions/79.html
- https://cwe.mitre.org/data/definitions/8.html
- https://cwe.mitre.org/data/definitions/80.html
- https://cwe.mitre.org/data/definitions/83.html
- https://cwe.mitre.org/data/definitions/84.html
- https://cwe.mitre.org/data/definitions/9.html
References
- http://advisories.mageia.org/MGASA-2014-0529.html
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705
- http://rhn.redhat.com/errata/RHSA-2014-1974.html
- http://rhn.redhat.com/errata/RHSA-2014-1975.html
- http://rhn.redhat.com/errata/RHSA-2014-1976.html
- http://www.debian.org/security/2015/dsa-3129
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71558
- https://bugzilla.redhat.com/show_bug.cgi?id=1039811
- https://security.gentoo.org/glsa/201811-22
- https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
- http://advisories.mageia.org/MGASA-2014-0529.html
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705
- http://rhn.redhat.com/errata/RHSA-2014-1974.html
- http://rhn.redhat.com/errata/RHSA-2014-1975.html
- http://rhn.redhat.com/errata/RHSA-2014-1976.html
- http://www.debian.org/security/2015/dsa-3129
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71558
- https://bugzilla.redhat.com/show_bug.cgi?id=1039811
- https://security.gentoo.org/glsa/201811-22
- https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/