Bugtraq mailing list archives

Re: Advisory: Corrupt RPM Query Vulnerability


From: Roman Drahtmueller <draht () suse de>
Date: Wed, 24 Oct 2001 20:44:47 +0200 (MEST)



Description: Arbitrary command executing on query of corrupt RPM files
             (note: you do not have to install the file to be affected)


Severity: Very Low to Low
          (Unless running an lpd with no access restrictions,
          in which case, it may allow remote compromise.)


Affects: rpm-4.0.2-7x
         probably also earlier 4.0.x rpm packages (*)
         Also affects other programs using rpm 4.0.x libraries,
         including rpm2html.

(*) 3.0.x is not affected by _this_ fault, but that
    does not mean it is not affected by a similar
    problem. (Tested against RPM 3.0.3 on SuSE 6.2)

For verification:

SuSE Linux distributions use rpm in versions 3.0.3 (SuSE-6.3), 3.0.4
(SuSE-6.4,7.0) and 3.0.6 (SuSE-7.1+later) and are not vulnerable to this
specific problem.

Just a guess, without any claims of accuracy: Most Linux distributors use
a version of rpm in the 3-series as well. If you are unsure, use the
command "rpm -q rpm" to find out.

-- zen-parse

(Vendors were originally notified of the problem 12th August 2001)

Yes. Thank you!
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> // "You don't need eyes to see, |
  SuSE GmbH - Security           Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -

