Your submission was sent successfully! Close

CVE-2013-6435

Published: 16 December 2014

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.

Priority

Medium

Status

Package Release Status
rpm
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (4.9.1.1-1ubuntu0.3)
trusty
Released (4.11.1-3ubuntu0.1)
upstream
Released (4.11.3-1.1)
utopic
Released (4.11.2-3ubuntu0.1)