CVE-2013-6435
EPSS 4.7%
rpm - security update
Published: 12/16/2014
Modified: 4/28/2026
Description
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
Affected packages (2)
- Debian/rpm from 0, < 4.11.3-1.1
- Debian/rpm from 0, < 4.10.0-5+deb7u2