QwikSec

Security Database

CVE

CWE

Training

CVE-2005-4889

Published: Jun 8, 2010

Modified: Aug 8, 2024

PUBLISHED

Description

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

https://bugzilla.redhat.com/show_bug.cgi?id=598775

x_refsource_CONFIRM

rpm-setgid-privilege-escalation(59426)

vdb-entry

x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=125517

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.