CVE-2010-2198

Severity

72%

Complexity

39%

Confidentiality

165%

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

RPM Package Manager

First reported 14 years ago

2010-06-08 18:30:00

Last updated 14 years ago

2010-06-09 04:00:00

Affected Software

RPM RPM Package Manager 1.2

1.2

RPM RPM Package Manager 1.3

1.3

RPM RPM Package Manager 1.3.1

1.3.1

RPM RPM Package Manager 1.4

1.4

RPM RPM Package Manager 1.4.2

1.4.2

RPM RPM Package Manager 1.4.2/a

1.4.2\/a

RPM RPM Package Manager 1.4.3

1.4.3

RPM RPM Package Manager 1.4.4

1.4.4

RPM RPM Package Manager 1.4.5

1.4.5

RPM RPM Package Manager 1.4.6

1.4.6

RPM RPM Package Manager 1.4.7

1.4.7

RPM RPM Package Manager 2.0

2.0

RPM RPM Package Manager 2.0.1

2.0.1

RPM RPM Package Manager 2.0.2

2.0.2

RPM RPM Package Manager 2.0.3

2.0.3

RPM RPM Package Manager 2.0.4

2.0.4

RPM RPM Package Manager 2.0.5

2.0.5

RPM RPM Package Manager 2.0.6

2.0.6

RPM RPM Package Manager 2.0.7

2.0.7

RPM RPM Package Manager 2.0.8

2.0.8

RPM RPM Package Manager 2.0.9

2.0.9

RPM RPM Package Manager 2.0.10

2.0.10

RPM RPM Package Manager 2.0.11

2.0.11

RPM RPM Package Manager 2.1

2.1

RPM RPM Package Manager 2.1.1

2.1.1

RPM RPM Package Manager 2.1.2

2.1.2

RPM RPM Package Manager 2.2

2.2

RPM RPM Package Manager 2.2.1

2.2.1

RPM RPM Package Manager 2.2.2

2.2.2

RPM RPM Package Manager 2.2.3

2.2.3

RPM RPM Package Manager 2.3.10

2.2.3.10

RPM RPM Package Manager 2.3.11

2.2.3.11

RPM RPM Package Manager 2.2.4

2.2.4

RPM RPM Package Manager 2.2.5

2.2.5

RPM RPM Package Manager 2.2.6

2.2.6

RPM RPM Package Manager 2.2.7

2.2.7

RPM RPM Package Manager 2.2.8

2.2.8

RPM RPM Package Manager 2.2.9

2.2.9

RPM RPM Package Manager 2.2.10

2.2.10

RPM RPM Package Manager 2.2.11

2.2.11

RPM RPM Package Manager 2.3

2.3

RPM RPM Package Manager 2.3.1

2.3.1

RPM RPM Package Manager 2.3.2

2.3.2

RPM RPM Package Manager 2.3.3

2.3.3

RPM RPM Package Manager 2.3.4

2.3.4

RPM RPM Package Manager 2.3.5

2.3.5

RPM RPM Package Manager 2.3.6

2.3.6

RPM RPM Package Manager 2.3.7

2.3.7

RPM RPM Package Manager 2.3.9

2.3.8

RPM RPM Package Manager 2.3.9

2.3.9

RPM RPM Package Manager 2.4.1

2.4.1

RPM RPM Package Manager 2.4.2

2.4.2

RPM RPM Package Manager 2.4.3

2.4.3

RPM RPM Package Manager 2.4.4

2.4.4

RPM RPM Package Manager 2.4.5

2.4.5

RPM RPM Package Manager 2.4.6

2.4.6

RPM RPM Package Manager 2.4.8

2.4.8

RPM RPM Package Manager 2.4.9

2.4.9

RPM RPM Package Manager 2..11

2.4.11

RPM RPM Package Manager 2.4.12

2.4.12

RPM RPM Package Manager 2.5

2.5

RPM RPM Package Manager 2.5.1

2.5.1

RPM RPM Package Manager 2.5.2

2.5.2

RPM RPM Package Manager 2.5.3

2.5.3

RPM RPM Package Manager 2.5.4

2.5.4

RPM RPM Package Manager 2.5.5

2.5.5

RPM RPM Package Manager 2.5.6

2.5.6

RPM RPM Package Manager 2.4.7

2.6.7

RPM RPM Package Manager 3.0

3.0

RPM RPM Package Manager 3.0.1

3.0.1

RPM RPM Package Manager 3.0.2

3.0.2

RPM RPM Package Manager 3.0.3

3.0.3

RPM RPM Package Manager 3.0.4

3.0.4

RPM RPM Package Manager 3.0.5

3.0.5

RPM RPM Package Manager 3.0.6

3.0.6

RPM RPM Package Manager 4.0

4.0.

RPM RPM Package Manager 4.0.1

4.0.1

RPM RPM Package Manager 4.0.2

4.0.2

RPM RPM Package Manager 4.0.3

4.0.3

RPM RPM Package Manager 4.0.4

4.0.4

RPM RPM Package Manager 4.1

4.1

RPM RPM Package Manager 4.3

4.3.3

RPM Package Manager 4.4.2

4.4.2

RPM RPM Package Manager 4.4.2.1

4.4.2.1

RPM RPM Package Manager 4.4.2.2

4.4.2.2

RPM RPM Package Manager 4.4.2.3

4.4.2.3

RPM RPM Package Manager 4.6.0

4.6.0

RPM RPM Package Manager 4.6.1

4.6.1

RPM RPM Package Manager 4.7.0

4.7.0

RPM RPM Package Manager 4.7.1

4.7.1

RPM RPM Package Manager 4.7.2

4.7.2

References

[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230

40028

Vendor Advisory

[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

65144

https://bugzilla.redhat.com/show_bug.cgi?id=598775

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.