VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2011-3378
rpm: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, a...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3378

Original

RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2011-12-24
Source Information Category:
Advisory, Alert
Last Updated:
2011-12-26




Affected Product Tags
cpe:/a:rpm:rpm:4.4.2
cpe:/a:rpm:rpm:4.4.2.
cpe:/a:rpm:rpm:4.4.2.1
cpe:/a:rpm:rpm:4.4.2.2
cpe:/a:rpm:rpm:4.4.2.3
cpe:/a:rpm:rpm:4.6.0
cpe:/a:rpm:rpm:4.6.1
cpe:/a:rpm:rpm:4.7.0
cpe:/a:rpm:rpm:4.7.1
cpe:/a:rpm:rpm:4.7.2
cpe:/a:rpm:rpm:4.8.0
cpe:/a:rpm:rpm:4.9.1.1 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=741612




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=741606




CONFIRM http://rpm.org/wiki/Releases/4.9.1.2#Security




CONFIRM http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656




CONFIRM http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f




MANDRIVA MDVSA-2011:143




MLIST [oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification




REDHAT RHSA-2011:1349




SUSE SUSE-SU-2011:1140




SUSE openSUSE-SU-2011:1203




Vulnerability Type Code Injection (CWE-94)




Copyright © 2011 JPCERT/CC All Rights Reserved.