2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-20271" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2021-03-26T17:15:13.000" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T05:46:15.240" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
} ,
{
"lang" : "es" ,
"value" : "Se detect\u00f3 un fallo en la funcionalidad de comprobaci\u00f3n de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un atacante que pueda convencer a una v\u00edctima de instalar un paquete aparentemente verificable, cuyo encabezado de firma fue modificado, causar una corrupci\u00f3n de la base de datos de RPM y ejecutar c\u00f3digo. La mayor amenaza de esta vulnerabilidad es la integridad de los datos, la confidencialidad y la disponibilidad del sistema."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.0 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.0 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 5.1 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "HIGH" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 4.9 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "secalert@redhat.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-345"
}
]
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-345"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.15.0" ,
"versionEndExcluding" : "4.15.1.3" ,
"matchCriteriaId" : "5017E785-D9A4-40BE-ADD8-4421BB138131"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.16.0" ,
"versionEndExcluding" : "4.16.1.3" ,
"matchCriteriaId" : "F22989FC-E9C0-4189-BDFE-69346C3F8495"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E77F834-98D9-45CA-A442-97362CEAB09C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*" ,
"matchCriteriaId" : "40503D12-35BC-4515-A293-F39A37B23A38"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "19299515-DF82-48A3-BA65-0DE705E75CA5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*" ,
"matchCriteriaId" : "0565E985-6BD3-45E1-928C-B67E18B7B56E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*" ,
"matchCriteriaId" : "96BDFF27-D2ED-48F9-91FB-377D1244A0A0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA51C420-EFCB-4068-A981-E99722C5FAD7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*" ,
"matchCriteriaId" : "653B69E5-0E47-49EF-AD3D-218C86252E7C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "36D96259-24BD-44E2-96D9-78CE1D41F956"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A930E247-0B43-43CB-98FF-6CE7B8189835"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*" ,
"matchCriteriaId" : "2561CD5F-82A9-464E-B571-44634187B497"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1934125" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://security.gentoo.org/glsa/202107-43" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.starwindsoftware.com/security/sw-20220805-0002/" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1934125" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://security.gentoo.org/glsa/202107-43" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.starwindsoftware.com/security/sw-20220805-0002/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
