what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2012-0815

Status Candidate

Overview

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

Related Files

Ubuntu Security Notice USN-1695-1
Posted Jan 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1695-1 - It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3378, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815
SHA-256 | 6ed9935c9f025dd952fa66e4029346a68a2ebc1e3fc480dae4564c72c2376d6b
Gentoo Linux Security Advisory 201206-26
Posted Jun 25, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-26 - Multiple vulnerabilities have been found in RPM, possibly allowing local attackers to gain elevated privileges or remote attackers to execute arbitrary code. Versions less than 4.9.1.3 are affected.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2059, CVE-2010-2197, CVE-2010-2198, CVE-2010-2199, CVE-2011-3378, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815
SHA-256 | ab1825cda7c1f6e700c1cf9925ad6cba5cb080ac3b1c27843cc194156b51709d
Mandriva Linux Security Advisory 2012-056
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0815, CVE-2012-0060, CVE-2012-0061
SHA-256 | 3cce8f594ce82a2d7bc2edb723cc43de307c29149602c95cb21180eb1ae8a462
Red Hat Security Advisory 2012-0451-01
Posted Apr 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0451-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-0060, CVE-2012-0061, CVE-2012-0815
SHA-256 | d797f3fc256507eacc48716717d15d5fd6983e28a36101b9b64789629fbc8c65
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close