[22990] in bugtraq
Re: Advisory: Corrupt RPM Query Vulnerability
daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Wed Oct 24 23:10:43 2001
Date: Wed, 24 Oct 2001 20:44:47 +0200 (MEST)
From: Roman Drahtmueller <draht@suse.de>
Reply-To: Roman Drahtmueller <draht@suse.de>
To: <bugtraq@securityfocus.com>
In-Reply-To: <Pine.LNX.4.33.0110250154240.4179-100000@clarity.local>
Message-ID: <Pine.LNX.4.33.0110242009490.24025-100000@dent.suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>
> Description: Arbitrary command executing on query of corrupt RPM files
> (note: you do not have to install the file to be affected)
>
>
> Severity: Very Low to Low
> (Unless running an lpd with no access restrictions,
> in which case, it may allow remote compromise.)
>
>
> Affects: rpm-4.0.2-7x
> probably also earlier 4.0.x rpm packages (*)
> Also affects other programs using rpm 4.0.x libraries,
> including rpm2html.
>
> (*) 3.0.x is not affected by _this_ fault, but that
> does not mean it is not affected by a similar
> problem. (Tested against RPM 3.0.3 on SuSE 6.2)

For verification:
SuSE Linux distributions use rpm in versions 3.0.3 (SuSE-6.3), 3.0.4
(SuSE-6.4,7.0) and 3.0.6 (SuSE-7.1+later) and are not vulnerable to this
specific problem.

Just a guess, without any claims of accuracy: Most Linux distributors use
a version of rpm in the 3-series as well. If you are unsure, use the
command "rpm -q rpm" to find out.

> -- zen-parse
>
> (Vendors were originally notified of the problem 12th August 2001)

Yes. Thank you!

Roman.
- --
- -
| Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, |
SuSE GmbH - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: http://www.suse.de/
iEYEARECAAYFAjvXDD4ACgkQnkDjEAAKq6SqOwCgk9D0sppUqB6CQOo0GTPL+OWT
GDgAn3Ne/C4gK/VO39P8aR87gJz1CE1l
=e9gi
-----END PGP SIGNATURE-----