CVE-2013-6435
rpm - security update
EPSS 4.7%
Description
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
How to fix CVE-2013-6435
To remediate CVE-2013-6435, upgrade the affected rpm package to one of the fixed versions below (each line corresponds to one of the two affected Debian package branches):
- Debian rpm: upgrade to 4.11.3-1.1 or later
- Debian rpm: upgrade to 4.10.0-5+deb7u2 or later
Is CVE-2013-6435 being exploited?
Low. The EPSS score is 4.7%, a low predicted probability of exploitation; exploitation activity has not been observed at scale.
Affected packages (2)
- rpm: all versions below 4.11.3-1.1
- rpm: all versions below 4.10.0-5+deb7u2