CVE-2013-6435
Description
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.085
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| package manager for RPM (USN-2479-1) rpm_4.11.1-3ubuntu0.1_i386.deb | Linux |
| package manager for RPM (USN-2479-1) rpm_4.11.1-3ubuntu0.1_amd64.deb | Linux |
| rpm security update(DSA-3129-1) rpm_4.10.0-5+deb7u2_i386.deb | Linux |
| (RHSA-2014:1975) Important: rpm security update popt-1.10.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-4.8.0-38.el6_5.i686.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-apidocs-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-apidocs-4.8.0-38.el6_5.noarch.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-build-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-build-4.8.0-38.el6_5.i686.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-cron-4.8.0-38.el6_5.noarch.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-devel-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-devel-4.8.0-38.el6_5.i686.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-libs-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-libs-4.8.0-38.el6_5.i686.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-python-4.4.2.3-34.el5_9.i386.rpm | Linux |
| (RHSA-2014:1975) Important: rpm security update rpm-python-4.8.0-38.el6_5.i686.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-apidocs-4.11.1-18.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-build-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-build-libs-4.11.1-18.el7_0.i686.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-build-libs-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-cron-4.11.1-18.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-devel-4.11.1-18.el7_0.i686.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-devel-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-libs-4.11.1-18.el7_0.i686.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-libs-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-python-4.11.1-18.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1976) Important: rpm security update rpm-sign-4.11.1-18.el7_0.x86_64.rpm | Linux |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability (CVE-2013-6435) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234