Lucene search

RedhatCVE-2013-6435

HistoryDec 16, 2014 - 6:59 p.m.

CVE-2013-6435

2014-12-1618:59:00

CWE-74

redhat

web.nvd.nist.gov

126

cve-2013-6435

rpm

race condition

remote code execution

nvd

vulnerability

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.091

Percentile

94.7%

JSON

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Affected configurations

Nvd

Node

rpmrpmRange≤4.11.1

rpmrpmMatch1.2

rpmrpmMatch1.3

rpmrpmMatch1.3.1

rpmrpmMatch1.4

rpmrpmMatch1.4.1

rpmrpmMatch1.4.2

rpmrpmMatch1.4.2\/a

rpmrpmMatch1.4.3

rpmrpmMatch1.4.4

rpmrpmMatch1.4.5

rpmrpmMatch1.4.6

rpmrpmMatch1.4.7

rpmrpmMatch2.0

rpmrpmMatch2.0.1

rpmrpmMatch2.0.2

rpmrpmMatch2.0.3

rpmrpmMatch2.0.4

rpmrpmMatch2.0.5

rpmrpmMatch2.0.6

rpmrpmMatch2.0.7

rpmrpmMatch2.0.8

rpmrpmMatch2.0.9

rpmrpmMatch2.0.10

rpmrpmMatch2.0.11

rpmrpmMatch2.1

rpmrpmMatch2.1.1

rpmrpmMatch2.1.2

rpmrpmMatch2.2

rpmrpmMatch2.2.1

rpmrpmMatch2.2.2

rpmrpmMatch2.2.3

rpmrpmMatch2.2.3.10

rpmrpmMatch2.2.3.11

rpmrpmMatch2.2.4

rpmrpmMatch2.2.5

rpmrpmMatch2.2.6

rpmrpmMatch2.2.7

rpmrpmMatch2.2.8

rpmrpmMatch2.2.9

rpmrpmMatch2.2.10

rpmrpmMatch2.2.11

rpmrpmMatch2.3

rpmrpmMatch2.3.1

rpmrpmMatch2.3.2

rpmrpmMatch2.3.3

rpmrpmMatch2.3.4

rpmrpmMatch2.3.5

rpmrpmMatch2.3.6

rpmrpmMatch2.3.7

rpmrpmMatch2.3.8

rpmrpmMatch2.3.9

rpmrpmMatch2.4.1

rpmrpmMatch2.4.2

rpmrpmMatch2.4.3

rpmrpmMatch2.4.4

rpmrpmMatch2.4.5

rpmrpmMatch2.4.6

rpmrpmMatch2.4.8

rpmrpmMatch2.4.9

rpmrpmMatch2.4.11

rpmrpmMatch2.4.12

rpmrpmMatch2.5

rpmrpmMatch2.5.1

rpmrpmMatch2.5.2

rpmrpmMatch2.5.3

rpmrpmMatch2.5.4

rpmrpmMatch2.5.5

rpmrpmMatch2.5.6

rpmrpmMatch2.6.7

rpmrpmMatch3.0

rpmrpmMatch3.0.1

rpmrpmMatch3.0.2

rpmrpmMatch3.0.3

rpmrpmMatch3.0.4

rpmrpmMatch3.0.5

rpmrpmMatch3.0.6

rpmrpmMatch4.0.

rpmrpmMatch4.0.1

rpmrpmMatch4.0.2

rpmrpmMatch4.0.3

rpmrpmMatch4.0.4

rpmrpmMatch4.1

rpmrpmMatch4.3.3

rpmrpmMatch4.4.2.1

rpmrpmMatch4.4.2.2

rpmrpmMatch4.4.2.3

rpmrpmMatch4.5.90

rpmrpmMatch4.6.0

rpmrpmMatch4.6.0rc1

rpmrpmMatch4.6.0rc2

rpmrpmMatch4.6.0rc3

rpmrpmMatch4.6.0rc4

rpmrpmMatch4.6.1

rpmrpmMatch4.7.0

rpmrpmMatch4.7.1

rpmrpmMatch4.7.2

rpmrpmMatch4.8.0

rpmrpmMatch4.8.1

rpmrpmMatch4.9.0

rpmrpmMatch4.9.0alpha

rpmrpmMatch4.9.0beta1

rpmrpmMatch4.9.0rc1

rpmrpmMatch4.9.1

rpmrpmMatch4.9.1.1

rpmrpmMatch4.9.1.2

rpmrpmMatch4.10.0

rpmrpmMatch4.10.1

rpmrpmMatch4.10.2

Node

debiandebian_linuxMatch7.0

VendorProductVersionCPE
rpmrpm*cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
rpmrpm1.2cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
rpmrpm1.3cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
rpmrpm1.3.1cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
rpmrpm1.4cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
rpmrpm1.4.1cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:*
rpmrpm1.4.2cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
rpmrpm1.4.2/acpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
rpmrpm1.4.3cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
rpmrpm1.4.4cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rpm	rpm	*	cpe:2.3:a:rpm:rpm::::::::
rpm	rpm	1.2	cpe:2.3:a:rpm:rpm:1.2:::::::*
rpm	rpm	1.3	cpe:2.3:a:rpm:rpm:1.3:::::::*
rpm	rpm	1.3.1	cpe:2.3:a:rpm:rpm:1.3.1:::::::*
rpm	rpm	1.4	cpe:2.3:a:rpm:rpm:1.4:::::::*
rpm	rpm	1.4.1	cpe:2.3:a:rpm:rpm:1.4.1:::::::*
rpm	rpm	1.4.2	cpe:2.3:a:rpm:rpm:1.4.2:::::::*
rpm	rpm	1.4.2/a	cpe:2.3:a:rpm:rpm:1.4.2\/a:::::::*
rpm	rpm	1.4.3	cpe:2.3:a:rpm:rpm:1.4.3:::::::*
rpm	rpm	1.4.4	cpe:2.3:a:rpm:rpm:1.4.4:::::::*