Detections
Analytics
Mandriva Linux Security Advisory : rpm (MDVSA-2015:056)
critical Nessus Plugin ID 81939
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Updated rpm packages fix security vulnerabilities :It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely.
Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2013-6435).
It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation (CVE-2014-8118).
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 81939
File Name: mandriva_MDVSA-2015-056.nasl
Version: 1.4
Type: local
Family: Mandriva Local Security Checks
Published: 3/19/2015
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:rpm, p-cpe:/a:mandriva:linux:python-rpm, p-cpe:/a:mandriva:linux:rpm-build, p-cpe:/a:mandriva:linux:lib64rpm-devel, p-cpe:/a:mandriva:linux:rpm-sign, p-cpe:/a:mandriva:linux:lib64rpmsign3, cpe:/o:mandriva:business_server:2, p-cpe:/a:mandriva:linux:lib64rpm3, p-cpe:/a:mandriva:linux:lib64rpmbuild3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 3/9/2015
Reference Information
CVE: CVE-2013-6435, CVE-2014-8118
MDVSA: 2015:056