CVE-2010-2198

Sažetak

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

Reference

http://www.openwall.com/lists/oss-security/2010/06/04/1
https://bugzilla.redhat.com/show_bug.cgi?id=598775
http://www.openwall.com/lists/oss-security/2010/06/02/3
http://marc.info/?l=oss-security&m=127559059928131&w=2
http://www.openwall.com/lists/oss-security/2010/06/03/5
http://secunia.com/advisories/40028
http://www.osvdb.org/65144
http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:05

Objavljeno

08-06-2010 - 18:30