[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2059Date: (C)2010-06-08   (M)2023-12-22


lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://www.securityfocus.com/archive/1/516909/100/0/threaded
SECUNIA-40028
OSVDB-65143
ADV-2011-0606
MDVSA-2010:180
RHSA-2010:0679
SUSE-SR:2010:014
SUSE-SR:2010:017
http://www.openwall.com/lists/oss-security/2010/06/02/2
http://www.openwall.com/lists/oss-security/2010/06/02/3
http://marc.info/?l=oss-security&m=127559059928131&w=2
http://www.openwall.com/lists/oss-security/2010/06/04/1
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz
http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
https://bugzilla.redhat.com/show_bug.cgi?id=125517
https://bugzilla.redhat.com/show_bug.cgi?id=598775

CWE    1
CWE-264
OVAL    9
oval:org.secpod.oval:def:201762
oval:org.secpod.oval:def:201743
oval:org.secpod.oval:def:500300
oval:org.secpod.oval:def:200102
...

© SecPod Technologies