ID CVE-2012-0815
Summary The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Vulnerable Configurations
  • RPM RPM Package Manager 1.2
    cpe:2.3:a:rpm:rpm:1.2
  • RPM RPM Package Manager 1.3
    cpe:2.3:a:rpm:rpm:1.3
  • RPM RPM Package Manager 1.3.1
    cpe:2.3:a:rpm:rpm:1.3.1
  • RPM RPM Package Manager 1.4
    cpe:2.3:a:rpm:rpm:1.4
  • RPM RPM Package Manager 1.4.1
    cpe:2.3:a:rpm:rpm:1.4.1
  • RPM RPM Package Manager 1.4.2
    cpe:2.3:a:rpm:rpm:1.4.2
  • RPM RPM Package Manager 1.4.2/a
    cpe:2.3:a:rpm:rpm:1.4.2%2fa
  • RPM RPM Package Manager 1.4.3
    cpe:2.3:a:rpm:rpm:1.4.3
  • RPM RPM Package Manager 1.4.4
    cpe:2.3:a:rpm:rpm:1.4.4
  • RPM RPM Package Manager 1.4.5
    cpe:2.3:a:rpm:rpm:1.4.5
  • RPM RPM Package Manager 1.4.6
    cpe:2.3:a:rpm:rpm:1.4.6
  • RPM RPM Package Manager 1.4.7
    cpe:2.3:a:rpm:rpm:1.4.7
  • RPM RPM Package Manager 2.0
    cpe:2.3:a:rpm:rpm:2.0
  • RPM RPM Package Manager 2.0.1
    cpe:2.3:a:rpm:rpm:2.0.1
  • RPM RPM Package Manager 2.0.2
    cpe:2.3:a:rpm:rpm:2.0.2
  • RPM RPM Package Manager 2.0.3
    cpe:2.3:a:rpm:rpm:2.0.3
  • RPM RPM Package Manager 2.0.4
    cpe:2.3:a:rpm:rpm:2.0.4
  • RPM RPM Package Manager 2.0.5
    cpe:2.3:a:rpm:rpm:2.0.5
  • RPM RPM Package Manager 2.0.6
    cpe:2.3:a:rpm:rpm:2.0.6
  • RPM RPM Package Manager 2.0.7
    cpe:2.3:a:rpm:rpm:2.0.7
  • RPM RPM Package Manager 2.0.8
    cpe:2.3:a:rpm:rpm:2.0.8
  • RPM RPM Package Manager 2.0.9
    cpe:2.3:a:rpm:rpm:2.0.9
  • RPM RPM Package Manager 2.0.10
    cpe:2.3:a:rpm:rpm:2.0.10
  • RPM RPM Package Manager 2.0.11
    cpe:2.3:a:rpm:rpm:2.0.11
  • RPM RPM Package Manager 2.1
    cpe:2.3:a:rpm:rpm:2.1
  • RPM RPM Package Manager 2.1.1
    cpe:2.3:a:rpm:rpm:2.1.1
  • RPM RPM Package Manager 2.1.2
    cpe:2.3:a:rpm:rpm:2.1.2
  • RPM RPM Package Manager 2.2
    cpe:2.3:a:rpm:rpm:2.2
  • RPM RPM Package Manager 2.2.1
    cpe:2.3:a:rpm:rpm:2.2.1
  • RPM RPM Package Manager 2.2.2
    cpe:2.3:a:rpm:rpm:2.2.2
  • RPM RPM Package Manager 2.2.3
    cpe:2.3:a:rpm:rpm:2.2.3
  • RPM RPM Package Manager 2.3.10
    cpe:2.3:a:rpm:rpm:2.2.3.10
  • RPM RPM Package Manager 2.3.11
    cpe:2.3:a:rpm:rpm:2.2.3.11
  • RPM RPM Package Manager 2.2.4
    cpe:2.3:a:rpm:rpm:2.2.4
  • RPM RPM Package Manager 2.2.5
    cpe:2.3:a:rpm:rpm:2.2.5
  • RPM RPM Package Manager 2.2.6
    cpe:2.3:a:rpm:rpm:2.2.6
  • RPM RPM Package Manager 2.2.7
    cpe:2.3:a:rpm:rpm:2.2.7
  • RPM RPM Package Manager 2.2.8
    cpe:2.3:a:rpm:rpm:2.2.8
  • RPM RPM Package Manager 2.2.9
    cpe:2.3:a:rpm:rpm:2.2.9
  • RPM RPM Package Manager 2.2.10
    cpe:2.3:a:rpm:rpm:2.2.10
  • RPM RPM Package Manager 2.2.11
    cpe:2.3:a:rpm:rpm:2.2.11
  • RPM RPM Package Manager 2.3
    cpe:2.3:a:rpm:rpm:2.3
  • RPM RPM Package Manager 2.3.1
    cpe:2.3:a:rpm:rpm:2.3.1
  • RPM RPM Package Manager 2.3.2
    cpe:2.3:a:rpm:rpm:2.3.2
  • RPM RPM Package Manager 2.3.3
    cpe:2.3:a:rpm:rpm:2.3.3
  • RPM RPM Package Manager 2.3.4
    cpe:2.3:a:rpm:rpm:2.3.4
  • RPM RPM Package Manager 2.3.5
    cpe:2.3:a:rpm:rpm:2.3.5
  • RPM RPM Package Manager 2.3.6
    cpe:2.3:a:rpm:rpm:2.3.6
  • RPM RPM Package Manager 2.3.7
    cpe:2.3:a:rpm:rpm:2.3.7
  • RPM RPM Package Manager 2.3.9
    cpe:2.3:a:rpm:rpm:2.3.8
  • RPM RPM Package Manager 2.3.9
    cpe:2.3:a:rpm:rpm:2.3.9
  • RPM RPM Package Manager 2.4.1
    cpe:2.3:a:rpm:rpm:2.4.1
  • RPM RPM Package Manager 2.4.2
    cpe:2.3:a:rpm:rpm:2.4.2
  • RPM RPM Package Manager 2.4.3
    cpe:2.3:a:rpm:rpm:2.4.3
  • RPM RPM Package Manager 2.4.4
    cpe:2.3:a:rpm:rpm:2.4.4
  • RPM RPM Package Manager 2.4.5
    cpe:2.3:a:rpm:rpm:2.4.5
  • RPM RPM Package Manager 2.4.6
    cpe:2.3:a:rpm:rpm:2.4.6
  • RPM RPM Package Manager 2.4.8
    cpe:2.3:a:rpm:rpm:2.4.8
  • RPM RPM Package Manager 2.4.9
    cpe:2.3:a:rpm:rpm:2.4.9
  • RPM RPM Package Manager 2.4.11
    cpe:2.3:a:rpm:rpm:2.4.11
  • RPM RPM Package Manager 2.4.12
    cpe:2.3:a:rpm:rpm:2.4.12
  • RPM RPM Package Manager 2.5
    cpe:2.3:a:rpm:rpm:2.5
  • RPM RPM Package Manager 2.5.1
    cpe:2.3:a:rpm:rpm:2.5.1
  • RPM RPM Package Manager 2.5.2
    cpe:2.3:a:rpm:rpm:2.5.2
  • RPM RPM Package Manager 2.5.3
    cpe:2.3:a:rpm:rpm:2.5.3
  • RPM RPM Package Manager 2.5.4
    cpe:2.3:a:rpm:rpm:2.5.4
  • RPM RPM Package Manager 2.5.5
    cpe:2.3:a:rpm:rpm:2.5.5
  • RPM RPM Package Manager 2.5.6
    cpe:2.3:a:rpm:rpm:2.5.6
  • RPM RPM Package Manager 2.4.7
    cpe:2.3:a:rpm:rpm:2.6.7
  • RPM RPM Package Manager 3.0
    cpe:2.3:a:rpm:rpm:3.0
  • RPM RPM Package Manager 3.0.1
    cpe:2.3:a:rpm:rpm:3.0.1
  • RPM RPM Package Manager 3.0.2
    cpe:2.3:a:rpm:rpm:3.0.2
  • RPM RPM Package Manager 3.0.3
    cpe:2.3:a:rpm:rpm:3.0.3
  • RPM RPM Package Manager 3.0.4
    cpe:2.3:a:rpm:rpm:3.0.4
  • RPM RPM Package Manager 3.0.5
    cpe:2.3:a:rpm:rpm:3.0.5
  • RPM RPM Package Manager 3.0.6
    cpe:2.3:a:rpm:rpm:3.0.6
  • RPM RPM Package Manager 4.0
    cpe:2.3:a:rpm:rpm:4.0.
  • RPM RPM Package Manager 4.0.1
    cpe:2.3:a:rpm:rpm:4.0.1
  • RPM RPM Package Manager 4.0.2
    cpe:2.3:a:rpm:rpm:4.0.2
  • RPM RPM Package Manager 4.0.3
    cpe:2.3:a:rpm:rpm:4.0.3
  • RPM RPM Package Manager 4.0.4
    cpe:2.3:a:rpm:rpm:4.0.4
  • RPM RPM Package Manager 4.1
    cpe:2.3:a:rpm:rpm:4.1
  • RPM RPM Package Manager 4.3
    cpe:2.3:a:rpm:rpm:4.3.3
  • RPM Package Manager 4.4.2.1
    cpe:2.3:a:rpm:rpm:4.4.2.1
  • RPM Package Manager 4.4.2.2
    cpe:2.3:a:rpm:rpm:4.4.2.2
  • RPM Package Manager 4.4.2.3
    cpe:2.3:a:rpm:rpm:4.4.2.3
  • RPM RPM Package Manager 4.5.90
    cpe:2.3:a:rpm:rpm:4.5.90
  • RPM Package Manager 4.6.0
    cpe:2.3:a:rpm:rpm:4.6.0
  • RPM RPM Package Manager 4.6.0-release candidate 1
    cpe:2.3:a:rpm:rpm:4.6.0:rc1
  • RPM RPM Package Manager 4.6.0-release candidate 2
    cpe:2.3:a:rpm:rpm:4.6.0:rc2
  • RPM RPM Package Manager 4.6.0-release candidate 3
    cpe:2.3:a:rpm:rpm:4.6.0:rc3
  • RPM RPM Package Manager 4.6.0-release candidate 4
    cpe:2.3:a:rpm:rpm:4.6.0:rc4
  • RPM RPM Package Manager 4.6.1
    cpe:2.3:a:rpm:rpm:4.6.1
  • RPM Package Manager 4.7.0
    cpe:2.3:a:rpm:rpm:4.7.0
  • RPM RPM Package Manager 4.7.1
    cpe:2.3:a:rpm:rpm:4.7.1
  • RPM RPM Package Manager 4.7.2
    cpe:2.3:a:rpm:rpm:4.7.2
  • RPM Package Manager 4.8.0
    cpe:2.3:a:rpm:rpm:4.8.0
  • RPM RPM Package Manager 4.8.1
    cpe:2.3:a:rpm:rpm:4.8.1
  • RPM Package Manager 4.9.0
    cpe:2.3:a:rpm:rpm:4.9.0
  • RPM RPM Package Manager 4.9.0 alpha
    cpe:2.3:a:rpm:rpm:4.9.0:alpha
  • RPM RPM Package Manager 4.9.0 beta1
    cpe:2.3:a:rpm:rpm:4.9.0:beta1
  • RPM RPM Package Manager 4.9.0 release candidate 1
    cpe:2.3:a:rpm:rpm:4.9.0:rc1
  • RPM RPM Package Manager 4.9.1
    cpe:2.3:a:rpm:rpm:4.9.1
  • RPM RPM Package Manager 4.9.1.1
    cpe:2.3:a:rpm:rpm:4.9.1.1
  • RPM RPM Package Manager 4.9.1.2
    cpe:2.3:a:rpm:rpm:4.9.1.2
CVSS
Base: 6.8 (as of 05-06-2012 - 13:34)
CWE CWE-189
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POPT-120420.NASL
    description Multiple security vulnerabilities were reported in RPM which could have been exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code. Additionally, a non-security issue has been fixed that could have caused a division by zero in cycles calculation under rare circumstances.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64214
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64214
    title SuSE 11.2 Security Update : RPM (SAT Patch Number 6191)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POPT-120419.NASL
    description Multiple security vulnerabilities were reported in RPM which could be exploited via specially crafted RPM files to cause a denial of service (application crash) or potentially allow attackers to execute arbitrary code. Additionally, a non-security issue was fixed that could cause a division by zero in cycles calculation under rare circumstances.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64213
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64213
    title SuSE 11.1 Security Update : RPM (SAT Patch Number 6186)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0451.NASL
    description From Red Hat Security Advisory 2012:0451 : Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815) Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks. All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68505
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68505
    title Oracle Linux 4 / 5 / 6 : rpm (ELSA-2012-0451)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1695-1.NASL
    description It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63612
    published 2013-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63612
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : rpm vulnerabilities (USN-1695-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-056.NASL
    description Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58717
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58717
    title Mandriva Linux Security Advisory : rpm (MDVSA-2012:056)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0531.NASL
    description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. 
These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78922
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78922
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-140.NASL
    description Several vulnerabilities have been fixed in rpm: CVE-2014-8118 Fix integer overflow which allowed remote attackers to execute arbitrary code. CVE-2013-6435 Prevent remote attackers from executing arbitrary code via crafted RPM files. CVE-2012-0815 Fix denial of service and possible code execution via negative value in region offset in crafted RPM files. CVE-2012-0060 and CVE-2012-0061 Prevent denial of service (crash) and possible arbitrary code execution via an invalid region tag in RPM files. We recommend that you upgrade your rpm packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82123
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82123
    title Debian DLA-140-1 : rpm security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0077.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Add missing files in /usr/share/doc/ - Fix warning when applying the patch for #1163057 - Fix race condition where unchecked data is exposed in the file system (CVE-2013-6435)(#1163057) - Fix segfault on rpmdb addition when header unload fails (#706935) - Fix segfault on invalid OpenPGP packet (#743203) - Account for excludes and hardlinks wrt payload max size (#716853) - Fix payload size tag generation on big-endian systems (#648516) - Track all install failures within a transaction (#671194) - fix changelog (bug #707677 is actually #808547) - Document -D and -E options in man page (#814602) - Require matching arch for freshen on colored transactions (#813282) - Add DWARF 3 and 4 support to debugedit (#808547) - No longer add \n to group tag in Python bindings (#783451) - Fix typos in Japanese rpm man page (#760552) - Bump Geode compatibility up to i686 (#620570) - Proper region tag validation on package/header read (CVE-2012-0060) - Double-check region size against header size (CVE-2012-0061) - Validate negated offsets too in headerVerifyInfo (CVE-2012-0815) - Revert fix for #740291, too many packages rely on the broken behavior - Add support for XZ-compressed sources and patches to rpmbuild (#620674) - Avoid unnecessary assert-death when closing NULL fd (#573043) - Add scriptlet error notification callbacks (#533831) - Honor --noscripts for pre- and posttrans scriptlets too (#740345) - Avoid bogus error on printing empty ds from python (#628883) - File conflicts correctness & consistency fixes (#740291) - Create the directory used for transaction lock if necessary (#510469) - Only enforce default umask during transaction (#673821) - fix thinko in the CVE backport - fix CVE-2011-3378 (#742157) - accept windows cr/lf line endings in gpg keys (#530212) - Backport multilib ordering fixes from rpm 4.8.x (#641892)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91753
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91753
    title OracleVM 3.2 : rpm (OVMSA-2016-0077)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0451.NASL
    description Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815) Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks. All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58586
    published 2012-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58586
    title RHEL 5 / 6 : rpm (RHSA-2012:0451)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5421.NASL
    description This update fixes various input-validation issues in rpm: CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58821
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58821
    title Fedora 16 : rpm-4.9.1.3-1.fc16 (2012-5421)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-26 (RPM: Multiple vulnerabilities) Multiple vulnerabilities have been found in RPM: fsm.c fails to properly strip setuid and setgid bits from executable files during a package upgrade (CVE-2010-2059). RPM does not properly parse spec files (CVE-2010-2197). fsm.c fails to properly strip POSIX file capabilities from executable files during a package upgrade or removal (CVE-2010-2198). fsm.c fails to properly strip POSIX ACLs from executable files during a package upgrade or removal (CVE-2010-2199). header.c does not properly parse region offsets in package files (CVE-2011-3378). RPM does not properly sanitize region tags in package headers (CVE-2012-0060). RPM does not properly sanitize region sizes in package headers (CVE-2012-0061). RPM does not properly sanitize region offsets in package headers (CVE-2012-0815). Impact : A local attacker may be able to gain elevated privileges. Furthermore, a remote attacker could entice a user to open a specially crafted RPM package, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59679
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59679
    title GLSA-201206-26 : RPM: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0451.NASL
    description Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815) Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network are protected by the use of a secure HTTPS connection in addition to the RPM package signature checks. All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58584
    published 2012-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58584
    title CentOS 5 / 6 : rpm (CESA-2012:0451)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120403_RPM_ON_SL5_X.NASL
    description The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061, CVE-2012-0815) Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. All RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61294
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61294
    title Scientific Linux Security Update : rpm on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-260.NASL
    description specially crafted signature headers could crash rpm
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74615
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74615
    title openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0589-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5420.NASL
    description This update fixes various input-validation issues in rpm: CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58820
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58820
    title Fedora 15 : rpm-4.9.1.3-1.fc15 (2012-5420)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-259.NASL
    description specially crafted signature headers could crash rpm
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74614
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74614
    title openSUSE Security Update : rpm / rpm-python (openSUSE-SU-2012:0588-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5298.NASL
    description This update fixes various input-validation issues in rpm: CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58712
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58712
    title Fedora 17 : rpm-4.9.1.3-1.fc17 (2012-5298)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libxml2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issues. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. 
The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries:
      - Apache Struts
      - glibc
      - GnuTLS
      - JRE
      - kernel
      - libxml2
      - OpenSSL
      - Perl
      - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
redhat via4
advisories
  • bugzilla
    id 798585
    title CVE-2012-0061 rpm: improper validation of header contents total size in headerLoad()
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment rpm is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451005
          • comment rpm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349034
        • AND
          • comment rpm-apidocs is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451007
          • comment rpm-apidocs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349046
        • AND
          • comment rpm-build is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451011
          • comment rpm-build is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349040
        • AND
          • comment rpm-cron is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451009
          • comment rpm-cron is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349044
        • AND
          • comment rpm-devel is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451013
          • comment rpm-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349038
        • AND
          • comment rpm-libs is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451017
          • comment rpm-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349042
        • AND
          • comment rpm-python is earlier than 0:4.8.0-19.el6_2.1
            oval oval:com.redhat.rhsa:tst:20120451015
          • comment rpm-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111349036
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment popt is earlier than 0:1.10.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451032
          • comment popt is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679011
        • AND
          • comment rpm is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451020
          • comment rpm is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679003
        • AND
          • comment rpm-apidocs is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451028
          • comment rpm-apidocs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679005
        • AND
          • comment rpm-build is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451030
          • comment rpm-build is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679007
        • AND
          • comment rpm-devel is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451022
          • comment rpm-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679009
        • AND
          • comment rpm-libs is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451024
          • comment rpm-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679013
        • AND
          • comment rpm-python is earlier than 0:4.4.2.3-28.el5_8
            oval oval:com.redhat.rhsa:tst:20120451026
          • comment rpm-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100679015
    rhsa
    id RHSA-2012:0451
    released 2012-04-03
    severity Important
    title RHSA-2012:0451: rpm security update (Important)
  • rhsa
    id RHSA-2012:0531
rpms
  • rpm-0:4.8.0-19.el6_2.1
  • rpm-apidocs-0:4.8.0-19.el6_2.1
  • rpm-build-0:4.8.0-19.el6_2.1
  • rpm-cron-0:4.8.0-19.el6_2.1
  • rpm-devel-0:4.8.0-19.el6_2.1
  • rpm-libs-0:4.8.0-19.el6_2.1
  • rpm-python-0:4.8.0-19.el6_2.1
  • popt-0:1.10.2.3-28.el5_8
  • rpm-0:4.4.2.3-28.el5_8
  • rpm-apidocs-0:4.4.2.3-28.el5_8
  • rpm-build-0:4.4.2.3-28.el5_8
  • rpm-devel-0:4.4.2.3-28.el5_8
  • rpm-libs-0:4.4.2.3-28.el5_8
  • rpm-python-0:4.4.2.3-28.el5_8
refmap via4
bid 52865
confirm
fedora
  • FEDORA-2012-5298
  • FEDORA-2012-5420
  • FEDORA-2012-5421
mandriva MDVSA-2012:056
misc https://bugzilla.redhat.com/show_bug.cgi?id=744104
osvdb 81009
sectrack 1026882
secunia
  • 48651
  • 48716
  • 49110
suse
  • openSUSE-SU-2012:0588
  • openSUSE-SU-2012:0589
ubuntu USN-1695-1
xf rpm-headerverifyinfo-code-execution(74581)
vmware via4
description The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console GnuTLS RPM
Last major update 08-09-2016 - 21:59
Published 04-06-2012 - 16:55
Last modified 17-01-2018 - 21:29