CVE: CVE-2010-2059

Descrizione: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Vettore di attacco

Riferimenti esterni

• http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz
• http://www.redhat.com/support/errata/RHSA-2010-0679.html
• http://lists.vmware.com/pipermail/security-announce/2011/000126.html
• http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383
• http://www.vupen.com/english/advisories/2011/0606
• http://www.osvdb.org/65143
• http://www.securityfocus.com/archive/1/516909/100/0/threaded
• http://secunia.com/advisories/40028
• http://marc.info/?l=oss-security&m=127559059928131&w=2
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
• http://www.openwall.com/lists/oss-security/2010/06/02/2
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
• https://bugzilla.redhat.com/show_bug.cgi?id=598775
• http://www.openwall.com/lists/oss-security/2010/06/02/3
• http://www.openwall.com/lists/oss-security/2010/06/03/5
• http://www.openwall.com/lists/oss-security/2010/06/04/1
• http://www.vmware.com/security/advisories/VMSA-2011-0004.html
• https://bugzilla.redhat.com/show_bug.cgi?id=125517

Prodotti interessati

• n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2010-2059