CVE-2013-6435

EUVD-2013-6245
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
rpmrpm
𝑥
≤ 4.11.1
rpmrpm
1.2
rpmrpm
1.3
rpmrpm
1.3.1
rpmrpm
1.4
rpmrpm
1.4.1
rpmrpm
1.4.2
rpmrpm
1.4.2\/a
rpmrpm
1.4.3
rpmrpm
1.4.4
rpmrpm
1.4.5
rpmrpm
1.4.6
rpmrpm
1.4.7
rpmrpm
2.0
rpmrpm
2.0.1
rpmrpm
2.0.2
rpmrpm
2.0.3
rpmrpm
2.0.4
rpmrpm
2.0.5
rpmrpm
2.0.6
rpmrpm
2.0.7
rpmrpm
2.0.8
rpmrpm
2.0.9
rpmrpm
2.0.10
rpmrpm
2.0.11
rpmrpm
2.1
rpmrpm
2.1.1
rpmrpm
2.1.2
rpmrpm
2.2
rpmrpm
2.2.1
rpmrpm
2.2.2
rpmrpm
2.2.3
rpmrpm
2.2.3.10
rpmrpm
2.2.3.11
rpmrpm
2.2.4
rpmrpm
2.2.5
rpmrpm
2.2.6
rpmrpm
2.2.7
rpmrpm
2.2.8
rpmrpm
2.2.9
rpmrpm
2.2.10
rpmrpm
2.2.11
rpmrpm
2.3
rpmrpm
2.3.1
rpmrpm
2.3.2
rpmrpm
2.3.3
rpmrpm
2.3.4
rpmrpm
2.3.5
rpmrpm
2.3.6
rpmrpm
2.3.7
rpmrpm
2.3.8
rpmrpm
2.3.9
rpmrpm
2.4.1
rpmrpm
2.4.2
rpmrpm
2.4.3
rpmrpm
2.4.4
rpmrpm
2.4.5
rpmrpm
2.4.6
rpmrpm
2.4.8
rpmrpm
2.4.9
rpmrpm
2.4.11
rpmrpm
2.4.12
rpmrpm
2.5
rpmrpm
2.5.1
rpmrpm
2.5.2
rpmrpm
2.5.3
rpmrpm
2.5.4
rpmrpm
2.5.5
rpmrpm
2.5.6
rpmrpm
2.6.7
rpmrpm
3.0
rpmrpm
3.0.1
rpmrpm
3.0.2
rpmrpm
3.0.3
rpmrpm
3.0.4
rpmrpm
3.0.5
rpmrpm
3.0.6
rpmrpm
4.0.
rpmrpm
4.0.1
rpmrpm
4.0.2
rpmrpm
4.0.3
rpmrpm
4.0.4
rpmrpm
4.1
rpmrpm
4.3.3
rpmrpm
4.4.2.1
rpmrpm
4.4.2.2
rpmrpm
4.4.2.3
rpmrpm
4.5.90
rpmrpm
4.6.0
rpmrpm
4.6.0:rc1
rpmrpm
4.6.0:rc2
rpmrpm
4.6.0:rc3
rpmrpm
4.6.0:rc4
rpmrpm
4.6.1
rpmrpm
4.7.0
rpmrpm
4.7.1
rpmrpm
4.7.2
rpmrpm
4.8.0
rpmrpm
4.8.1
rpmrpm
4.9.0
rpmrpm
4.9.0:alpha
rpmrpm
4.9.0:beta1
rpmrpm
4.9.0:rc1
rpmrpm
4.9.1
rpmrpm
4.9.1.1
rpmrpm
4.9.1.2
rpmrpm
4.10.0
rpmrpm
4.10.1
rpmrpm
4.10.2
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rpm
bookworm
4.18.0+dfsg-1+deb12u1
fixed
bullseye
4.16.1.2+dfsg1-3
fixed
sid
4.20.0+dfsg-3
fixed
trixie
4.20.0+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rpm
lucid
ignored
precise
Fixed 4.9.1.1-1ubuntu0.3
released
trusty
Fixed 4.11.1-3ubuntu0.1
released
utopic
Fixed 4.11.2-3ubuntu0.1
released
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0529.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://rhn.redhat.com/errata/RHSA-2014-1974.html
http://rhn.redhat.com/errata/RHSA-2014-1975.html
http://rhn.redhat.com/errata/RHSA-2014-1976.html
http://www.debian.org/security/2015/dsa-3129
http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/71558
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
https://security.gentoo.org/glsa/201811-22
https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
http://advisories.mageia.org/MGASA-2014-0529.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://rhn.redhat.com/errata/RHSA-2014-1974.html
http://rhn.redhat.com/errata/RHSA-2014-1975.html
http://rhn.redhat.com/errata/RHSA-2014-1976.html
http://www.debian.org/security/2015/dsa-3129
http://www.mandriva.com/security/advisories?name=MDVSA-2014:251
http://www.mandriva.com/security/advisories?name=MDVSA-2015:056
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/71558
https://bugzilla.redhat.com/show_bug.cgi?id=1039811
https://security.gentoo.org/glsa/201811-22
https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/