Lucene search

RedhatCVE-2010-2059

HistoryJun 08, 2010 - 6:30 p.m.

CVE-2010-2059

2010-06-0818:30:10

CWE-264

redhat

web.nvd.nist.gov

nvd

cve-2010-2059

rpm

lib/fsm.c

file replacement

privilege escalation

local users

executable file

metadata

setuid

setgid

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

Percentile

10.1%

JSON

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Affected configurations

Nvd

Node

rpmrpmRange≤4.4.2.3

rpmrpmMatch1.2

rpmrpmMatch1.3

rpmrpmMatch1.3.1

rpmrpmMatch1.4

rpmrpmMatch1.4.2

rpmrpmMatch1.4.2\/a

rpmrpmMatch1.4.3

rpmrpmMatch1.4.4

rpmrpmMatch1.4.5

rpmrpmMatch1.4.6

rpmrpmMatch1.4.7

rpmrpmMatch2..4.10

rpmrpmMatch2.0

rpmrpmMatch2.0.1

rpmrpmMatch2.0.2

rpmrpmMatch2.0.3

rpmrpmMatch2.0.4

rpmrpmMatch2.0.5

rpmrpmMatch2.0.6

rpmrpmMatch2.0.7

rpmrpmMatch2.0.8

rpmrpmMatch2.0.9

rpmrpmMatch2.0.10

rpmrpmMatch2.0.11

rpmrpmMatch2.1

rpmrpmMatch2.1.1

rpmrpmMatch2.1.2

rpmrpmMatch2.2

rpmrpmMatch2.2.1

rpmrpmMatch2.2.2

rpmrpmMatch2.2.3

rpmrpmMatch2.2.3.10

rpmrpmMatch2.2.3.11

rpmrpmMatch2.2.4

rpmrpmMatch2.2.5

rpmrpmMatch2.2.6

rpmrpmMatch2.2.7

rpmrpmMatch2.2.8

rpmrpmMatch2.2.9

rpmrpmMatch2.2.10

rpmrpmMatch2.2.11

rpmrpmMatch2.3

rpmrpmMatch2.3.1

rpmrpmMatch2.3.2

rpmrpmMatch2.3.3

rpmrpmMatch2.3.4

rpmrpmMatch2.3.5

rpmrpmMatch2.3.6

rpmrpmMatch2.3.7

rpmrpmMatch2.3.8

rpmrpmMatch2.3.9

rpmrpmMatch2.4.1

rpmrpmMatch2.4.2

rpmrpmMatch2.4.3

rpmrpmMatch2.4.4

rpmrpmMatch2.4.5

rpmrpmMatch2.4.6

rpmrpmMatch2.4.8

rpmrpmMatch2.4.9

rpmrpmMatch2.4.11

rpmrpmMatch2.4.12

rpmrpmMatch2.5

rpmrpmMatch2.5.1

rpmrpmMatch2.5.2

rpmrpmMatch2.5.3

rpmrpmMatch2.5.4

rpmrpmMatch2.5.5

rpmrpmMatch2.5.6

rpmrpmMatch2.6.7

rpmrpmMatch3.0

rpmrpmMatch3.0.1

rpmrpmMatch3.0.2

rpmrpmMatch3.0.3

rpmrpmMatch3.0.4

rpmrpmMatch3.0.5

rpmrpmMatch3.0.6

rpmrpmMatch4.0.

rpmrpmMatch4.0.1

rpmrpmMatch4.0.2

rpmrpmMatch4.0.3

rpmrpmMatch4.0.4

rpmrpmMatch4.1

rpmrpmMatch4.3.3

rpmrpmMatch4.4.2

rpmrpmMatch4.4.2.1

rpmrpmMatch4.4.2.2

Node

rpmrpmMatch4.6.0

rpmrpmMatch4.6.1

rpmrpmMatch4.7.0

rpmrpmMatch4.7.1

rpmrpmMatch4.7.2

rpmrpmMatch4.8.0

VendorProductVersionCPE
rpmrpm*cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
rpmrpm1.2cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
rpmrpm1.3cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
rpmrpm1.3.1cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
rpmrpm1.4cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
rpmrpm1.4.2cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
rpmrpm1.4.2/acpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
rpmrpm1.4.3cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
rpmrpm1.4.4cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
rpmrpm1.4.5cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rpm	rpm	*	cpe:2.3:a:rpm:rpm::::::::
rpm	rpm	1.2	cpe:2.3:a:rpm:rpm:1.2:::::::*
rpm	rpm	1.3	cpe:2.3:a:rpm:rpm:1.3:::::::*
rpm	rpm	1.3.1	cpe:2.3:a:rpm:rpm:1.3.1:::::::*
rpm	rpm	1.4	cpe:2.3:a:rpm:rpm:1.4:::::::*
rpm	rpm	1.4.2	cpe:2.3:a:rpm:rpm:1.4.2:::::::*
rpm	rpm	1.4.2/a	cpe:2.3:a:rpm:rpm:1.4.2\/a:::::::*
rpm	rpm	1.4.3	cpe:2.3:a:rpm:rpm:1.4.3:::::::*
rpm	rpm	1.4.4	cpe:2.3:a:rpm:rpm:1.4.4:::::::*
rpm	rpm	1.4.5	cpe:2.3:a:rpm:rpm:1.4.5:::::::*