Vigil@nce: rpm, two vulnerabilities
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to check the signature of a
malicious RPM archive, in order to execute code on his computer.
– Severity: 2/4
– Creation date: 28/09/2011
IMPACTED PRODUCTS
– Fedora
– Mandriva Enterprise Server
– Mandriva Linux
– Red Hat Enterprise Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
A RPM archive contains a software to install. The rpm tool checks
the signature of the archive, before accepting to install the
software. However, the signature checking feature is impacted by
two vulnerabilities.
A RPM file containing a large header value creates a buffer
overflow in the headerLoad() function. [severity:2/4; 741606]
A RPM file containing an invalid signature creates a buffer
overflow in the copyTdEntry() function. [severity:2/4; 741612]
An attacker can therefore invite the victim to check the signature
of a malicious RPM archive, in order to execute code on his
computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/rpm-two-vulnerabilities-11019