Bugtraq mailing list archives
Re: Advisory: Corrupt RPM Query Vulnerability
From: Roman Drahtmueller <draht () suse de>
Date: Wed, 24 Oct 2001 20:44:47 +0200 (MEST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Description: Arbitrary command executing on query of corrupt RPM files (note: you do not have to install the file to be affected) Severity: Very Low to Low (Unless running an lpd with no access restrictions, in which case, it may allow remote compromize.) Affects: rpm-4.0.2-7x probably also earlier 4.0.x rpm packages (*) Also affects other programs using rpm 4.0.x libraries, including rpm2html. (*) 3.0.x is not affected by _this_ fault, but that does not mean it is not affected by a similar problem. (Tested against RPM 3.0.3 on SuSE 6.2)
For verification: SuSE Linux distributions use rpm in versions 3.0.3 (SuSE-6.3), 3.0.4 (SuSE-6.4,7.0) and 3.0.6 (SuSE-7.1+later) and are not vulnerable to this specific problem. Just a guess, without any claims of accuracy: Most Linux distributors use a version of rpm in the 3-series as well. If you are unsure, use the command "rpm -q rpm" to find out.
-- zen-parse (Vendors were originally notified of the problem 12th August 2001)
Yes. Thank you! Roman. - -- - - | Roman Drahtmüller <draht () suse de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: http://www.suse.de/ iEYEARECAAYFAjvXDD4ACgkQnkDjEAAKq6SqOwCgk9D0sppUqB6CQOo0GTPL+OWT GDgAn3Ne/C4gK/VO39P8aR87gJz1CE1l =e9gi -----END PGP SIGNATURE-----
Current thread:
- Advisory: Corrupt RPM Query Vulnerability zen-parse (Oct 24)
- Re: Advisory: Corrupt RPM Query Vulnerability Roman Drahtmueller (Oct 24)