CVE-2010-2059
Published: 8 June 2010
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Notes
Author | Note |
---|---|
kees | not used for package management |
Priority
Status
Package | Release | Status |
---|---|---|
rpm Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life, was needed)
|
|
natty |
Not vulnerable
(4.8.1-6ubuntu1)
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(4.8.1-6)
|