CVE-2010-2059
Published: Jun 8, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| RHSA-2010:0679 | vendor-advisory, x_refsource_REDHAT |
| ADV-2011-0606 | vdb-entry, x_refsource_VUPEN |
| 65143 | vdb-entry, x_refsource_OSVDB |
| 40028 | third-party-advisory, x_refsource_SECUNIA |
| MDVSA-2010:180 | vendor-advisory, x_refsource_MANDRIVA |
| [oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) | mailing-list, x_refsource_MLIST |
| SUSE-SR:2010:017 | vendor-advisory, x_refsource_SUSE |
| SUSE-SR:2010:014 | vendor-advisory, x_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=598775 | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-2011-0004.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=125517 | x_refsource_CONFIRM |