oss-sec mailing list archives
Re: Two rpm flaws
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 09 Dec 2014 18:15:43 +0100
On 12/09/2014 03:04 PM, Yves-Alexis Perez wrote:
On mar., 2014-12-09 at 18:32 +0530, Huzaifa Sidhpurwala wrote:CVE-2014-8118: It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1168715Do you know if the other CPIO implementations/parsers are affected by this?
It's in the name length handling code. The bug is rather similar to CVE-2014-9112 in GNU cpio (which prompted me to look at RPM for a similar issue).
-- Florian Weimer / Red Hat Product Security
Current thread:
- Two rpm flaws Huzaifa Sidhpurwala (Dec 09)
- Re: Two rpm flaws Yves-Alexis Perez (Dec 09)
- Re: Two rpm flaws Florian Weimer (Dec 09)
- Re: Two rpm flaws Yves-Alexis Perez (Dec 09)