CVE-2010-2198

2022-10-0316:21:08

Debian Security Bug Tracker

security-tracker.debian.org

rpm package

local users

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%

JSON

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

OSVersionArchitecturePackageVersionFilename
Debian12allrpm<= 4.18.0+dfsg-1+deb12u1rpm_4.18.0+dfsg-1+deb12u1_all.deb
Debian11allrpm<= 4.16.1.2+dfsg1-3rpm_4.16.1.2+dfsg1-3_all.deb
Debian999allrpm<= 4.19.1.1+dfsg-1rpm_4.19.1.1+dfsg-1_all.deb
Debian13allrpm<= 4.19.1.1+dfsg-1rpm_4.19.1.1+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	rpm	<= 4.18.0+dfsg-1+deb12u1	rpm_4.18.0+dfsg-1+deb12u1_all.deb
Debian	11	all	rpm	<= 4.16.1.2+dfsg1-3	rpm_4.16.1.2+dfsg1-3_all.deb
Debian	999	all	rpm	<= 4.19.1.1+dfsg-1	rpm_4.19.1.1+dfsg-1_all.deb
Debian	13	all	rpm	<= 4.19.1.1+dfsg-1	rpm_4.19.1.1+dfsg-1_all.deb