rpm software vulnerabilities
vulnerabilities.aspcode.net
Searching rpm software vulnerabilities
Insecure directory permissions in RPM distribut
distribution
|
permissions
|
PostgreSQL
|
privileges
|
directory
|
plaintext
|
Insecure
|
password
|
reading
|
allows
|
local
|
users
|
file
|
gain
|
RPM
|
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
Helix GNOME Updater helix-update 0.5 and earlie
/tmp/helix-install
|
helix-update
|
installation
|
installing
|
arbitrary
|
directory
|
packages
|
creating
|
earlier
|
Updater
|
install
|
before
|
allows
|
Helix
|
begun
|
users
|
local
|
GNOME
|
root
|
RPM
|
has
|
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
Webmin 0.92, when installed from an RPM, create
Webmin
|
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
The default --checksig setting in RPM Package M
--checksig
|
Package
|
Manager
|
default
|
setting
|
RPM
|
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
up2date 3.0.7 and 3.1.23 does not properly veri
up2date
|
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
The RPM installation of SAP DB 7.x creates the
installation
|
creates
|
SAP
|
RPM
|
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
Java Runtime Environment (JRE) and Software Dev
Environment
|
Runtime
|
Java
|
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
Multiple buffer overflows in RealOne Player, Re
Enterprise
|
RealPlayer
|
attackers
|
malformed
|
overflows
|
arbitrary
|
Multiple
|
execute
|
RealOne
|
Desktop
|
Player
|
buffer
|
remote
|
allow
|
code
|
via
|
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
Heap-based buffer overflow in the showQueryPack
showQueryPackage
|
Heap-based
|
function
|
overflow
|
Package
|
Manager
|
buffer
|
librpm
|
RPM
|
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
Red Hat Enterprise Linux (RHEL) 5 ships the rpm
Enterprise
|
Linux
|
Red
|
Hat
|
Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
Software vulnerabilities results 1 to 11 of 11
Page:
1