The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2012-6088

rpm: malformed signature bypasses signature check

Synthesis of the vulnerability

An attacker can craft an rpm package whose signature is malformed; rpm fails to report the parsing error and accepts the package as correctly signed, so the attacker can trick an administrator into installing a malicious rpm.
Impacted products: Unix (platform).
Severity: 2/4.
Creation date: 4 January 2013.
Identifiers: BID-57138, CERTA-2013-AVI-004, CVE-2012-6088, VIGILANCE-VUL-12283.

Description of the vulnerability

The rpm tool installs packages on the system and verifies a package's signature before installing it.

The rpmpkgRead() function in lib/package.c performs that signature check. It calls parsePGPSig() to decode the signature block. When the signature is malformed, parsePGPSig() returns an error, but on that error path the variable holding rpmpkgRead()'s return code is never set to RPMRC_FAIL. The variable keeps its initial value RPMRC_OK, so the caller reads the result as a valid signature even though nothing was verified. The check therefore fails open: a signature that cannot be parsed is treated better than a signature that parses but does not match.

An attacker can therefore craft an rpm package with a deliberately malformed signature that rpm does not reject, and trick an administrator into installing a malicious rpm that appears to be correctly signed.
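The following is an added example, not code from rpm or from this bulletin: a self-contained C reduction of the error-propagation bug described above, with the vulnerable shape beside the fixed shape. Only the names RPMRC_OK and RPMRC_FAIL are taken from rpm (their numeric values here are illustrative); toy_parse_pgp_sig(), toy_verify(), read_package_vulnerable(), read_package_fixed(), the struct sig type and the signature byte strings are constructed stand-ins for the real parser, verifier and OpenPGP packets.

```c
/* Added example, not rpm's code: the error-propagation bug behind
 * CVE-2012-6088 reduced to a self-contained toy. RPMRC_OK / RPMRC_FAIL are
 * rpm's return-code names (values here are illustrative); every other name
 * and all byte strings are constructed stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { RPMRC_OK = 0, RPMRC_FAIL = 2 } rpmRC;

struct sig { const uint8_t *data; size_t len; };

/* Stand-in for parsePGPSig(): 0 on success, non-zero when the packet is
 * malformed. The toy format is "0x89 tag byte, body length byte, body". */
static int toy_parse_pgp_sig(const struct sig *s)
{
    if (s->len < 2 || s->data[0] != 0x89 || s->data[1] == 0 ||
        (size_t)s->data[1] != s->len - 2)
        return -1;
    return 0;
}

/* Stand-in for the verification that follows a successful parse: the
 * package counts as signed if its signature bytes match the expected ones. */
static rpmRC toy_verify(const struct sig *s, const struct sig *expected)
{
    return (s->len == expected->len &&
            memcmp(s->data, expected->data, s->len) == 0) ? RPMRC_OK : RPMRC_FAIL;
}

/* Vulnerable shape: rc is initialised to success and the parse-error path
 * jumps to exit without changing it, so a malformed signature is reported
 * as valid even though it was never verified. */
rpmRC read_package_vulnerable(const struct sig *s, const struct sig *expected)
{
    rpmRC rc = RPMRC_OK;
    if (toy_parse_pgp_sig(s) != 0)
        goto exit;                      /* bug: rc is still RPMRC_OK here */
    rc = toy_verify(s, expected);
exit:
    return rc;
}

/* Fixed shape: the parse-error path sets rc explicitly, and rc defaults to
 * failure so any early exit added later is fail-closed by construction. */
rpmRC read_package_fixed(const struct sig *s, const struct sig *expected)
{
    rpmRC rc = RPMRC_FAIL;
    if (toy_parse_pgp_sig(s) != 0) {
        rc = RPMRC_FAIL;
        goto exit;
    }
    rc = toy_verify(s, expected);
exit:
    return rc;
}

/* Constructed samples: the signature the package should carry, the same
 * bytes with a wrong tag byte (malformed), and a well-formed but wrong one. */
static const uint8_t GOOD_BYTES[]      = {0x89, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t MALFORMED_BYTES[] = {0x00, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t TAMPERED_BYTES[]  = {0x89, 0x03, 0xAA, 0xBB, 0xCD};

static const struct sig GOOD      = {GOOD_BYTES, sizeof GOOD_BYTES};
static const struct sig MALFORMED = {MALFORMED_BYTES, sizeof MALFORMED_BYTES};
static const struct sig TAMPERED  = {TAMPERED_BYTES, sizeof TAMPERED_BYTES};

/* Result each version reports for a candidate signature, checked against GOOD. */
rpmRC vulnerable_rc(const struct sig *s) { return read_package_vulnerable(s, &GOOD); }
rpmRC fixed_rc(const struct sig *s)      { return read_package_fixed(s, &GOOD); }

/* Accessors so the samples can be exercised from outside this file. */
const struct sig *sample_good(void)      { return &GOOD; }
const struct sig *sample_malformed(void) { return &MALFORMED; }
const struct sig *sample_tampered(void)  { return &TAMPERED; }

int main(void)
{
    const char *names[] = {"good", "malformed", "tampered"};
    const struct sig *samples[] = {&GOOD, &MALFORMED, &TAMPERED};
    for (int i = 0; i < 3; i++)
        printf("%-9s vulnerable=%s fixed=%s\n", names[i],
               vulnerable_rc(samples[i]) == RPMRC_OK ? "OK" : "FAIL",
               fixed_rc(samples[i]) == RPMRC_OK ? "OK" : "FAIL");
    return 0;
}
```

Built with any C compiler, the program prints one line per sample: the good signature passes both versions, the tampered but well-formed signature fails both, and only the malformed signature is reported as OK by the vulnerable version. The review question this leaves for real code is the same one the bug raises: every early exit from a verification routine must leave the return code at a failure value, and initialising that variable to failure rather than success makes a forgotten assignment harmless.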
