rpm payloads

About this tag
The tag 'rpm payloads' covers discussions about the data archives inside RPM package files, particularly their security implications. A key topic is CVE-2010-4226, a vulnerability where cpio, historically used by RPM to extract payloads, mishandled symbolic links. This allowed crafted RPM payloads to overwrite arbitrary files via symlink attacks, potentially compromising system integrity. The content focuses on the technical details of this flaw, its exploitation, and its relevance to Linux package management security. Users exploring this tag will find information on RPM payload structure, cpio extraction behavior, and historical vulnerabilities affecting package installation.
  1. CVE-2010-4226: Symlink Attacks in cpio Used by RPM Payloads

    cpio’s handling of symbolic links in certain historical builds opened a deceptively simple attack vector: crafted RPM payloads that leverage symlinks to overwrite arbitrary files on extraction, a flaw tracked as CVE-2010-4226 and documented in multiple vulnerability databases and vendor...