October 25, 2001

Corrupt RPM query vulnerability

Author: JT Smith

Posted at Help Net Security: "It is possible to create an RPM (Redhat Package Management) file
with 'corrupted' data that will cause arbitrary code to execute
when the file is queried. (eg: an rpm utility is used to gain
information about the contents of the file, such as version, build
date etc, when checking the file for corruptions against the stored
MD5 sum, etc. )"


  • Linux
Click Here!