A vulnerability has been reported in the RPM Package Manager. The problem occurs when the utility is used to access FTP listings on a remote server. When processing NLST data from the server, RPM reportedly fails to sufficiently handle the size of the data returned. As a result of subsequent calculations, insufficient memory may be allocated to store the NLST data, and more data may then be copied than the allocated memory can hold. Note that the issue arises only when more than 1 gigabyte of NLST data is received. Exploitation will therefore inevitably exhaust available resources and end in a segmentation violation. Because of the excessive amount of data copied, exploiting this issue to execute code may not be plausible.
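The defensive pattern for this class of flaw, as an added example (not RPM's code, which the advisory does not show): a listing buffer whose size arithmetic cannot wrap and which refuses data past a hard cap. The names `struct listing`, `listing_append`, `naive_need32` and `LISTING_MAX` are hypothetical, and the premise that the faulty calculation is a wrapping 32-bit size is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on one directory listing; not a value taken from RPM. */
#define LISTING_MAX ((size_t)16 * 1024 * 1024)

struct listing {
    char  *data;  /* accumulated listing, NUL-terminated once non-empty */
    size_t len;   /* bytes stored, excluding the NUL */
    size_t cap;   /* bytes allocated */
};

/* What goes wrong (assumed mechanism): the required size is computed in a
 * 32-bit type, wraps, and yields a small allocation for a huge copy. */
uint32_t naive_need32(uint32_t len, uint32_t n)
{
    return len + n + 1;  /* wraps modulo 2^32 */
}

/* Append one chunk read from the data connection. Returns 0 on success,
 * -1 if the listing would exceed LISTING_MAX or allocation fails; on
 * failure the buffer is left unchanged. */
int listing_append(struct listing *l, const char *chunk, size_t n)
{
    /* Compare by subtraction so len + n + 1 is only formed once it is
     * known to fit under the cap (and therefore cannot wrap). */
    if (l->len >= LISTING_MAX || n > LISTING_MAX - l->len - 1)
        return -1;

    size_t need = l->len + n + 1;
    if (need > l->cap) {
        size_t newcap = l->cap ? l->cap : 4096;
        while (newcap < need)  /* doubling is clamped at the cap */
            newcap = (newcap > LISTING_MAX / 2) ? LISTING_MAX : newcap * 2;
        char *p = realloc(l->data, newcap);
        if (p == NULL)
            return -1;
        l->data = p;
        l->cap = newcap;
    }
    memcpy(l->data + l->len, chunk, n);
    l->len += n;
    l->data[l->len] = '\0';
    return 0;
}
```

A client that stops reading at the cap also avoids the resource exhaustion the advisory describes, since it never tries to hold a gigabyte-scale listing in memory.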