CVE-2013-6435

CVSS V2 High 7.6 CVSS V3 None
Description
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Overview
  • CVE ID
  • CVE-2013-6435
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2014-12-16T18:59:00
  • Last Modified Date
  • 2023-02-13T00:29:15
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* 1 OR 4.11.1
cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.5.90:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.0:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.0:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.0:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.9.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.10.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.10.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rpm:rpm:4.10.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.6
  • Severity
  • HIGH
  • Exploitability Score
  • 4.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 17:51:36 Added to TrackCVE
2022-12-02 02:44:16 2014-12-16T18:59Z 2014-12-16T18:59:00 CVE Published Date updated
2022-12-02 02:44:16 2018-11-29T11:29:00 CVE Modified Date updated
2022-12-02 02:44:16 Modified Vulnerability Status updated
2023-02-02 21:04:51 2023-02-02T20:15:48 CVE Modified Date updated
2023-02-02 21:04:51 Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Description updated
2023-02-02 21:04:57 References updated
2023-02-13 01:05:39 2023-02-13T00:29:15 CVE Modified Date updated
2023-02-13 01:05:40 It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Description updated