CVE-2013-6435
EPSS 4.7%rpm - security update
發布日:2014/12/16修改日:2026/4/28
也稱為:DEBIAN-CVE-2013-6435
描述
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
受影響套件(2)
- Debian/rpmfrom 0, < 4.11.3-1.1
- Debian/rpmfrom 0, < 4.10.0-5+deb7u2