| Vulnerability Name: | CVE-2010-2059 (CCN-59105) | ||||||||||||||||||||||||||||||||
| Assigned: | 2010-06-01 | ||||||||||||||||||||||||||||||||
| Published: | 2010-06-01 | ||||||||||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||
| Summary: | lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
1.4 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-2059 Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RHSA-2010-0678 Moderate: rpm security update Source: CCN Type: RHSA-2010-0679 Moderate: rpm security and bug fix update Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: SA40028 RPM Package Manager Package Upgrade File Metadata Update Weaknesses Source: CCN Type: SA43675 VMware ESX Server Service Console Multiple Vulnerabilities Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: OSVDB ID: 65143 Red Hat Package Manager (RPM) Package Upgrade SetUID/SetGID Weakness Source: CCN Type: OSVDB ID: 65144 Red Hat Package Manager (RPM) Package Upgrade POSIX File Capabilities Weakness Source: CCN Type: OSVDB ID: 66942 dpkg Package Upgrade Metadata Reset Weakness Multiple File Hard Link Local Privilege Escalation Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: RPM Web site RPM Package Manager Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-40512 RPM Package Update and Removal File Attribute Security Bypass Vulnerabilities Source: CCN Type: VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 598775 rpm: Fails to remove the SUID/SGID bits on package upgrade Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN rpm-setuid-privilege-escalation(59105) Source: SUSE Type: SUSE-SR:2010:017 (java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12) | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||