Rapid7 Vulnerability & Exploit Database

RHSA-2012:0410: raptor security update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/22/2012
Created: 07/25/2018
Added: 03/30/2012
Modified: 07/04/2017

Description

Raptor provides parsers for Resource Description Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.

All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-raptor
  • redhat-upgrade-raptor-debuginfo
  • redhat-upgrade-raptor-devel
