Computer Security


RPM security vulnerabilities
Published: 22.12.2014
Source:
SecurityVulns ID: 14166
Type: local
Threat Level: 5/10
Description: Integer overflow, code execution.
Affected: RPM: RPM 4.12
CVE: CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.)
 CVE-2013-6435 (Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.)
Original document: MANDRIVA, [ MDVSA-2014:251 ] rpm (22.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod