Executive Summary

Informations
NameCVE-2012-0061First vendor Publication2012-06-04
VendorCveLast vendor Modification2013-05-03

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0061

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20634
 
Oval ID: oval:org.mitre.oval:def:20634
Title: VMware vSphere and vCOps updates to third party libraries
Description: The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
Family: unix Class: vulnerability
Reference(s): CVE-2012-0061
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application105

OpenVAS Exploits

DateDescription
2012-08-31Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-08-30Name : Fedora Update for rpm FEDORA-2012-5298
File : nvt/gb_fedora_2012_5298_rpm_fc17.nasl
2012-08-10Name : Gentoo Security Advisory GLSA 201206-26 (RPM)
File : nvt/glsa_201206_26.nasl
2012-08-03Name : Mandriva Update for rpm MDVSA-2012:056 (rpm)
File : nvt/gb_mandriva_MDVSA_2012_056.nasl
2012-07-30Name : CentOS Update for popt CESA-2012:0451 centos5
File : nvt/gb_CESA-2012_0451_popt_centos5.nasl
2012-07-30Name : CentOS Update for rpm CESA-2012:0451 centos6
File : nvt/gb_CESA-2012_0451_rpm_centos6.nasl
2012-04-23Name : Fedora Update for rpm FEDORA-2012-5420
File : nvt/gb_fedora_2012_5420_rpm_fc15.nasl
2012-04-23Name : Fedora Update for rpm FEDORA-2012-5421
File : nvt/gb_fedora_2012_5421_rpm_fc16.nasl
2012-04-05Name : RedHat Update for rpm RHSA-2012:0451-01
File : nvt/gb_RHSA-2012_0451-01_rpm.nasl

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-09-27IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

DateDescription
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-61.nasl - Type : ACT_GATHER_INFO
2013-07-29Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0451.nasl - Type : ACT_GATHER_INFO
2013-06-17Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_popt-120419.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_popt-120420.nasl - Type : ACT_GATHER_INFO
2013-01-18Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1695-1.nasl - Type : ACT_GATHER_INFO
2012-08-31Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120403_rpm_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-26.nasl - Type : ACT_GATHER_INFO
2012-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2012-5420.nasl - Type : ACT_GATHER_INFO
2012-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2012-5421.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote Fedora host is missing a security update.
File : fedora_2012-5298.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-056.nasl - Type : ACT_GATHER_INFO
2012-04-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0451.nasl - Type : ACT_GATHER_INFO
2012-04-04Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0451.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/52865
CONFIRMhttp://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e00528...
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00...
http://rpm.org/wiki/Releases/4.9.1.3
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=798585
OSVDBhttp://www.osvdb.org/81010
REDHAThttp://rhn.redhat.com/errata/RHSA-2012-0451.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
SECTRACKhttp://www.securitytracker.com/id?1026882
SECUNIAhttp://secunia.com/advisories/48651
http://secunia.com/advisories/48716
http://secunia.com/advisories/49110
SUSEhttps://hermes.opensuse.org/messages/14440932
https://hermes.opensuse.org/messages/14441362
UBUNTUhttp://www.ubuntu.com/usn/USN-1695-1
XFhttp://xforce.iss.net/xforce/xfdb/74583

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2014-02-17 11:06:53
  • Multiple Updates
2013-11-11 12:39:42
  • Multiple Updates
2013-05-10 22:31:05
  • Multiple Updates
2013-05-04 17:19:44
  • Multiple Updates
2013-02-07 13:19:58
  • Multiple Updates
2012-12-06 13:20:02
  • Multiple Updates