ID CVE-2014-8118
Summary Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • RPM RPM Package Manager 1.2
    cpe:2.3:a:rpm:rpm:1.2
  • RPM RPM Package Manager 1.3
    cpe:2.3:a:rpm:rpm:1.3
  • RPM RPM Package Manager 1.3.1
    cpe:2.3:a:rpm:rpm:1.3.1
  • RPM RPM Package Manager 1.4
    cpe:2.3:a:rpm:rpm:1.4
  • RPM RPM Package Manager 1.4.1
    cpe:2.3:a:rpm:rpm:1.4.1
  • RPM RPM Package Manager 1.4.2
    cpe:2.3:a:rpm:rpm:1.4.2
  • RPM RPM Package Manager 1.4.2/a
    cpe:2.3:a:rpm:rpm:1.4.2%2fa
  • RPM RPM Package Manager 1.4.3
    cpe:2.3:a:rpm:rpm:1.4.3
  • RPM RPM Package Manager 1.4.4
    cpe:2.3:a:rpm:rpm:1.4.4
  • RPM RPM Package Manager 1.4.5
    cpe:2.3:a:rpm:rpm:1.4.5
  • RPM RPM Package Manager 1.4.6
    cpe:2.3:a:rpm:rpm:1.4.6
  • RPM RPM Package Manager 1.4.7
    cpe:2.3:a:rpm:rpm:1.4.7
  • RPM RPM Package Manager 2.0
    cpe:2.3:a:rpm:rpm:2.0
  • RPM RPM Package Manager 2.0.1
    cpe:2.3:a:rpm:rpm:2.0.1
  • RPM RPM Package Manager 2.0.2
    cpe:2.3:a:rpm:rpm:2.0.2
  • RPM RPM Package Manager 2.0.3
    cpe:2.3:a:rpm:rpm:2.0.3
  • RPM RPM Package Manager 2.0.4
    cpe:2.3:a:rpm:rpm:2.0.4
  • RPM RPM Package Manager 2.0.5
    cpe:2.3:a:rpm:rpm:2.0.5
  • RPM RPM Package Manager 2.0.6
    cpe:2.3:a:rpm:rpm:2.0.6
  • RPM RPM Package Manager 2.0.7
    cpe:2.3:a:rpm:rpm:2.0.7
  • RPM RPM Package Manager 2.0.8
    cpe:2.3:a:rpm:rpm:2.0.8
  • RPM RPM Package Manager 2.0.9
    cpe:2.3:a:rpm:rpm:2.0.9
  • RPM RPM Package Manager 2.0.10
    cpe:2.3:a:rpm:rpm:2.0.10
  • RPM RPM Package Manager 2.0.11
    cpe:2.3:a:rpm:rpm:2.0.11
  • RPM RPM Package Manager 2.1
    cpe:2.3:a:rpm:rpm:2.1
  • RPM RPM Package Manager 2.1.1
    cpe:2.3:a:rpm:rpm:2.1.1
  • RPM RPM Package Manager 2.1.2
    cpe:2.3:a:rpm:rpm:2.1.2
  • RPM RPM Package Manager 2.2
    cpe:2.3:a:rpm:rpm:2.2
  • RPM RPM Package Manager 2.2.1
    cpe:2.3:a:rpm:rpm:2.2.1
  • RPM RPM Package Manager 2.2.2
    cpe:2.3:a:rpm:rpm:2.2.2
  • RPM RPM Package Manager 2.2.3
    cpe:2.3:a:rpm:rpm:2.2.3
  • RPM RPM Package Manager 2.3.10
    cpe:2.3:a:rpm:rpm:2.2.3.10
  • RPM RPM Package Manager 2.3.11
    cpe:2.3:a:rpm:rpm:2.2.3.11
  • RPM RPM Package Manager 2.2.4
    cpe:2.3:a:rpm:rpm:2.2.4
  • RPM RPM Package Manager 2.2.5
    cpe:2.3:a:rpm:rpm:2.2.5
  • RPM RPM Package Manager 2.2.6
    cpe:2.3:a:rpm:rpm:2.2.6
  • RPM RPM Package Manager 2.2.7
    cpe:2.3:a:rpm:rpm:2.2.7
  • RPM RPM Package Manager 2.2.8
    cpe:2.3:a:rpm:rpm:2.2.8
  • RPM RPM Package Manager 2.2.9
    cpe:2.3:a:rpm:rpm:2.2.9
  • RPM RPM Package Manager 2.2.10
    cpe:2.3:a:rpm:rpm:2.2.10
  • RPM RPM Package Manager 2.2.11
    cpe:2.3:a:rpm:rpm:2.2.11
  • RPM RPM Package Manager 2.3
    cpe:2.3:a:rpm:rpm:2.3
  • RPM RPM Package Manager 2.3.1
    cpe:2.3:a:rpm:rpm:2.3.1
  • RPM RPM Package Manager 2.3.2
    cpe:2.3:a:rpm:rpm:2.3.2
  • RPM RPM Package Manager 2.3.3
    cpe:2.3:a:rpm:rpm:2.3.3
  • RPM RPM Package Manager 2.3.4
    cpe:2.3:a:rpm:rpm:2.3.4
  • RPM RPM Package Manager 2.3.5
    cpe:2.3:a:rpm:rpm:2.3.5
  • RPM RPM Package Manager 2.3.6
    cpe:2.3:a:rpm:rpm:2.3.6
  • RPM RPM Package Manager 2.3.7
    cpe:2.3:a:rpm:rpm:2.3.7
  • RPM RPM Package Manager 2.3.9
    cpe:2.3:a:rpm:rpm:2.3.8
  • RPM RPM Package Manager 2.3.9
    cpe:2.3:a:rpm:rpm:2.3.9
  • RPM RPM Package Manager 2.4.1
    cpe:2.3:a:rpm:rpm:2.4.1
  • RPM RPM Package Manager 2.4.2
    cpe:2.3:a:rpm:rpm:2.4.2
  • RPM RPM Package Manager 2.4.3
    cpe:2.3:a:rpm:rpm:2.4.3
  • RPM RPM Package Manager 2.4.4
    cpe:2.3:a:rpm:rpm:2.4.4
  • RPM RPM Package Manager 2.4.5
    cpe:2.3:a:rpm:rpm:2.4.5
  • RPM RPM Package Manager 2.4.6
    cpe:2.3:a:rpm:rpm:2.4.6
  • RPM RPM Package Manager 2.4.8
    cpe:2.3:a:rpm:rpm:2.4.8
  • RPM RPM Package Manager 2.4.9
    cpe:2.3:a:rpm:rpm:2.4.9
  • RPM RPM Package Manager 2.4.11
    cpe:2.3:a:rpm:rpm:2.4.11
  • RPM RPM Package Manager 2.4.12
    cpe:2.3:a:rpm:rpm:2.4.12
  • RPM RPM Package Manager 2.5
    cpe:2.3:a:rpm:rpm:2.5
  • RPM RPM Package Manager 2.5.1
    cpe:2.3:a:rpm:rpm:2.5.1
  • RPM RPM Package Manager 2.5.2
    cpe:2.3:a:rpm:rpm:2.5.2
  • RPM RPM Package Manager 2.5.3
    cpe:2.3:a:rpm:rpm:2.5.3
  • RPM RPM Package Manager 2.5.4
    cpe:2.3:a:rpm:rpm:2.5.4
  • RPM RPM Package Manager 2.5.5
    cpe:2.3:a:rpm:rpm:2.5.5
  • RPM RPM Package Manager 2.5.6
    cpe:2.3:a:rpm:rpm:2.5.6
  • RPM RPM Package Manager 2.4.7
    cpe:2.3:a:rpm:rpm:2.6.7
  • RPM RPM Package Manager 3.0
    cpe:2.3:a:rpm:rpm:3.0
  • RPM RPM Package Manager 3.0.1
    cpe:2.3:a:rpm:rpm:3.0.1
  • RPM RPM Package Manager 3.0.2
    cpe:2.3:a:rpm:rpm:3.0.2
  • RPM RPM Package Manager 3.0.3
    cpe:2.3:a:rpm:rpm:3.0.3
  • RPM RPM Package Manager 3.0.4
    cpe:2.3:a:rpm:rpm:3.0.4
  • RPM RPM Package Manager 3.0.5
    cpe:2.3:a:rpm:rpm:3.0.5
  • RPM RPM Package Manager 3.0.6
    cpe:2.3:a:rpm:rpm:3.0.6
  • RPM RPM Package Manager 4.0
    cpe:2.3:a:rpm:rpm:4.0.
  • RPM RPM Package Manager 4.0.1
    cpe:2.3:a:rpm:rpm:4.0.1
  • RPM RPM Package Manager 4.0.2
    cpe:2.3:a:rpm:rpm:4.0.2
  • RPM RPM Package Manager 4.0.3
    cpe:2.3:a:rpm:rpm:4.0.3
  • RPM RPM Package Manager 4.0.4
    cpe:2.3:a:rpm:rpm:4.0.4
  • RPM RPM Package Manager 4.1
    cpe:2.3:a:rpm:rpm:4.1
  • RPM RPM Package Manager 4.3
    cpe:2.3:a:rpm:rpm:4.3.3
  • RPM RPM Package Manager 4.4.2.1
    cpe:2.3:a:rpm:rpm:4.4.2.1
  • RPM RPM Package Manager 4.4.2.2
    cpe:2.3:a:rpm:rpm:4.4.2.2
  • RPM RPM Package Manager 4.4.2.3
    cpe:2.3:a:rpm:rpm:4.4.2.3
  • RPM RPM Package Manager 4.5.90
    cpe:2.3:a:rpm:rpm:4.5.90
  • RPM RPM Package Manager 4.6.0
    cpe:2.3:a:rpm:rpm:4.6.0
  • RPM RPM Package Manager 4.6.0-release candidate 1
    cpe:2.3:a:rpm:rpm:4.6.0:rc1
  • RPM RPM Package Manager 4.6.0-release candidate 2
    cpe:2.3:a:rpm:rpm:4.6.0:rc2
  • RPM RPM Package Manager 4.6.0-release candidate 3
    cpe:2.3:a:rpm:rpm:4.6.0:rc3
  • RPM RPM Package Manager 4.6.0-release candidate 4
    cpe:2.3:a:rpm:rpm:4.6.0:rc4
  • RPM RPM Package Manager 4.6.1
    cpe:2.3:a:rpm:rpm:4.6.1
  • RPM RPM Package Manager 4.7.0
    cpe:2.3:a:rpm:rpm:4.7.0
  • RPM RPM Package Manager 4.7.1
    cpe:2.3:a:rpm:rpm:4.7.1
  • RPM RPM Package Manager 4.7.2
    cpe:2.3:a:rpm:rpm:4.7.2
  • RPM RPM Package Manager 4.8.0
    cpe:2.3:a:rpm:rpm:4.8.0
  • RPM RPM Package Manager 4.8.1
    cpe:2.3:a:rpm:rpm:4.8.1
  • RPM RPM Package Manager 4.9.0
    cpe:2.3:a:rpm:rpm:4.9.0
  • RPM RPM Package Manager 4.9.0 alpha
    cpe:2.3:a:rpm:rpm:4.9.0:alpha
  • RPM RPM Package Manager 4.9.0 beta1
    cpe:2.3:a:rpm:rpm:4.9.0:beta1
  • RPM RPM Package Manager 4.9.0 release candidate 1
    cpe:2.3:a:rpm:rpm:4.9.0:rc1
  • RPM RPM Package Manager 4.9.1
    cpe:2.3:a:rpm:rpm:4.9.1
  • RPM RPM Package Manager 4.9.1.1
    cpe:2.3:a:rpm:rpm:4.9.1.1
  • RPM RPM Package Manager 4.9.1.2
    cpe:2.3:a:rpm:rpm:4.9.1.2
  • RPM RPM Package Manager 4.10.0
    cpe:2.3:a:rpm:rpm:4.10.0
  • RPM RPM Package Manager 4.10.1
    cpe:2.3:a:rpm:rpm:4.10.1
  • RPM RPM Package Manager 4.10.2
    cpe:2.3:a:rpm:rpm:4.10.2
  • RPM RPM Package Manager 4.12.0
    cpe:2.3:a:rpm:rpm:4.12.0
CVSS
Base: 10.0 (as of 10-09-2015 - 08:49)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-816.NASL
    description This rpm update fixes the following security and non security issues : - honor --noglob in install mode [bnc#892431] - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118] - create files with mode 0 [bnc#906803] [CVE-2013-6435] This update also includes version updates of rpm-python and python3-rpm.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80276
    published 2014-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80276
    title openSUSE Security Update : python3-rpm / rpm / rpm-python (openSUSE-SU-2014:1716-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141209_RPM_ON_SL7_X.NASL
    description It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 80016
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80016
    title Scientific Linux Security Update : rpm on SL7.x x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-140.NASL
    description Several vulnerabilities have been fixed in rpm : CVE-2014-8118 Fix integer overflow which allowed remote attackers to execute arbitrary code. CVE-2013-6435 Prevent remote attackers from executing arbitrary code via crafted RPM files. CVE-2012-0815 Fix denial of service and possible code execution via negative value in region offset in crafted RPM files. CVE-2012-0060 and CVE-2012-0061 Prevent denial of service (crash) and possibly arbitrary code execution via an invalid region tag in RPM files. We recommend that you upgrade your rpm packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82123
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82123
    title Debian DLA-140-1 : rpm security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POPT-141215.NASL
    description This rpm update fixes the following security and non security issues. - check for bad invalid name sizes. (CVE-2014-8118). (bnc#908128) - create files with mode 0. (CVE-2013-6435). (bnc#906803) - honor --noglob in install mode. (bnc#892431)
    last seen 2018-09-01
    modified 2014-12-26
    plugin id 80252
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80252
    title SuSE 11.3 Security Update : popt (SAT Patch Number 10097)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1976.NASL
    description Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) These issues were discovered by Florian Weimer of Red Hat Product Security. All rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79877
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79877
    title CentOS 7 : rpm (CESA-2014:1976)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1976.NASL
    description From Red Hat Security Advisory 2014:1976 : Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) These issues were discovered by Florian Weimer of Red Hat Product Security. All rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 79847
    published 2014-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79847
    title Oracle Linux 7 : rpm (ELSA-2014-1976)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3129.NASL
    description Two vulnerabilities have been discovered in the RPM package manager. - CVE-2013-6435 Florian Weimer discovered a race condition in package signature validation. - CVE-2014-8118 Florian Weimer discovered an integer overflow in parsing CPIO headers which might result in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80573
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80573
    title Debian DSA-3129-1 : rpm - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1976.NASL
    description Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435) It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) These issues were discovered by Florian Weimer of Red Hat Product Security. All rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79851
    published 2014-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79851
    title RHEL 7 : rpm (RHSA-2014:1976)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-056.NASL
    description Updated rpm packages fix security vulnerabilities : It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2013-6435). It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2014-8118).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 81939
    published 2015-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81939
    title Mandriva Linux Security Advisory : rpm (MDVSA-2015:056)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-251.NASL
    description Updated rpm packages fix security vulnerabilities : It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2013-6435). It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2014-8118).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79996
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79996
    title Mandriva Linux Security Advisory : rpm (MDVSA-2014:251)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16890.NASL
    description - Add check against malicious CPIO file name size - Fix race condition where unchecked data is exposed in the file system Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 80065
    published 2014-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80065
    title Fedora 21 : rpm-4.12.0.1-4.fc21 (2014-16890)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2479-1.NASL
    description Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435) Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this issue to cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8118). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 80854
    published 2015-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80854
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : rpm vulnerabilities (USN-2479-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201811-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201811-22 (RPM: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing the user to process a specially crafted RPM file, could escalate privileges, execute arbitrary code, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 119276
    published 2018-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119276
    title GLSA-201811-22 : RPM: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-458.NASL
    description It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118) It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Red Hat has published an excellent analysis of this issue. (CVE-2013-6435)
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 79842
    published 2014-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79842
    title Amazon Linux AMI : rpm (ALAS-2014-458)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16838.NASL
    description - Add check against malicious CPIO file name size - Fix race condition where unchecked data is exposed in the file system Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 80288
    published 2014-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80288
    title Fedora 20 : rpm-4.11.3-2.fc20 (2014-16838)
redhat via4
advisories
bugzilla
id 1168715
title CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment rpm is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976005
      • comment rpm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349034
    • AND
      • comment rpm-apidocs is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976021
      • comment rpm-apidocs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349046
    • AND
      • comment rpm-build is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976011
      • comment rpm-build is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349040
    • AND
      • comment rpm-build-libs is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976013
      • comment rpm-build-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141976014
    • AND
      • comment rpm-cron is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976009
      • comment rpm-cron is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349044
    • AND
      • comment rpm-devel is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976015
      • comment rpm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349038
    • AND
      • comment rpm-libs is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976019
      • comment rpm-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349042
    • AND
      • comment rpm-python is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976007
      • comment rpm-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111349036
    • AND
      • comment rpm-sign is earlier than 0:4.11.1-18.el7_0
        oval oval:com.redhat.rhsa:tst:20141976017
      • comment rpm-sign is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141976018
rhsa
id RHSA-2014:1976
released 2014-12-09
severity Important
title RHSA-2014:1976: rpm security update (Important)
rpms
  • rpm-0:4.11.1-18.el7_0
  • rpm-apidocs-0:4.11.1-18.el7_0
  • rpm-build-0:4.11.1-18.el7_0
  • rpm-build-libs-0:4.11.1-18.el7_0
  • rpm-cron-0:4.11.1-18.el7_0
  • rpm-devel-0:4.11.1-18.el7_0
  • rpm-libs-0:4.11.1-18.el7_0
  • rpm-python-0:4.11.1-18.el7_0
  • rpm-sign-0:4.11.1-18.el7_0
refmap via4
confirm http://advisories.mageia.org/MGASA-2014-0529.html
debian DSA-3129
gentoo GLSA-201811-22
mandriva
  • MDVSA-2014:251
  • MDVSA-2015:056
Last major update 10-09-2015 - 11:29
Published 16-12-2014 - 13:59
Last modified 29-11-2018 - 06:29