Vulnerability Name:

CVE-2010-2198 (CCN-59106)

Assigned: 2010-06-02
Published: 2010-06-02
Updated: 2010-06-09
Summary: lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2010-2198

Source: MLIST
Type: UNKNOWN
[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

Source: CONFIRM
Type: UNKNOWN
http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230

Source: CCN
Type: SA40028
RPM Package Manager Package Upgrade File Metadata Update Weaknesses

Source: SECUNIA
Type: Vendor Advisory
40028

Source: MLIST
Type: UNKNOWN
[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

Source: MLIST
Type: UNKNOWN
[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

Source: MLIST
Type: UNKNOWN
[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)

Source: OSVDB
Type: UNKNOWN
65144

Source: CCN
Type: OSVDB ID: 65144
Red Hat Package Manager (RPM) Package Upgrade POSIX File Capabilities Weakness

Source: CCN
Type: OSVDB ID: 83269
Red Hat Package Manager (RPM) Upgrade / Removal fsm.c POSIX File Capabilities Stripping Weakness

Source: CCN
Type: RPM Web site
RPM Package Manager

Source: CCN
Type: BID-40512
RPM Package Update and Removal File Attribute Security Bypass Vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 598775
rpm: Fails to remove the SUID/SGID bits on package upgrade

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=598775

Source: XF
Type: UNKNOWN
rpm-posix-privilege-escalation(59106)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:rpm:rpm:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.2/a:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:1.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2..4.10:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:2.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.4.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.4.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:rpm:rpm:4.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.7.0:-:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:rpm:rpm:*:*:*:*:*:*:*:* (Version <= 4.8.0)

Configuration CCN 1:
  • cpe:/a:rpm:rpm:4.11.1:-:*:*:*:*:*:*

* Denotes that component is vulnerable