Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-4889

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Published

2010-06-08T18:30:09.977

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application rpm rpm ≤ 4.4.2.3 Yes
Application rpm rpm 1.2 Yes
Application rpm rpm 1.3 Yes
Application rpm rpm 1.3.1 Yes
Application rpm rpm 1.4 Yes
Application rpm rpm 1.4.2 Yes
Application rpm rpm 1.4.2\/a Yes
Application rpm rpm 1.4.3 Yes
Application rpm rpm 1.4.4 Yes
Application rpm rpm 1.4.5 Yes
Application rpm rpm 1.4.6 Yes
Application rpm rpm 1.4.7 Yes
Application rpm rpm 2..4.10 Yes
Application rpm rpm 2.0 Yes
Application rpm rpm 2.0.1 Yes
Application rpm rpm 2.0.2 Yes
Application rpm rpm 2.0.3 Yes
Application rpm rpm 2.0.4 Yes
Application rpm rpm 2.0.5 Yes
Application rpm rpm 2.0.6 Yes
Application rpm rpm 2.0.7 Yes
Application rpm rpm 2.0.8 Yes
Application rpm rpm 2.0.9 Yes
Application rpm rpm 2.0.10 Yes
Application rpm rpm 2.0.11 Yes
Application rpm rpm 2.1 Yes
Application rpm rpm 2.1.1 Yes
Application rpm rpm 2.1.2 Yes
Application rpm rpm 2.2 Yes
Application rpm rpm 2.2.1 Yes
Application rpm rpm 2.2.2 Yes
Application rpm rpm 2.2.3 Yes
Application rpm rpm 2.2.3.10 Yes
Application rpm rpm 2.2.3.11 Yes
Application rpm rpm 2.2.4 Yes
Application rpm rpm 2.2.5 Yes
Application rpm rpm 2.2.6 Yes
Application rpm rpm 2.2.7 Yes
Application rpm rpm 2.2.8 Yes
Application rpm rpm 2.2.9 Yes
Application rpm rpm 2.2.10 Yes
Application rpm rpm 2.2.11 Yes
Application rpm rpm 2.3 Yes
Application rpm rpm 2.3.1 Yes
Application rpm rpm 2.3.2 Yes
Application rpm rpm 2.3.3 Yes
Application rpm rpm 2.3.4 Yes
Application rpm rpm 2.3.5 Yes
Application rpm rpm 2.3.6 Yes
Application rpm rpm 2.3.7 Yes
Application rpm rpm 2.3.8 Yes
Application rpm rpm 2.3.9 Yes
Application rpm rpm 2.4.1 Yes
Application rpm rpm 2.4.2 Yes
Application rpm rpm 2.4.3 Yes
Application rpm rpm 2.4.4 Yes
Application rpm rpm 2.4.5 Yes
Application rpm rpm 2.4.6 Yes
Application rpm rpm 2.4.8 Yes
Application rpm rpm 2.4.9 Yes
Application rpm rpm 2.4.11 Yes
Application rpm rpm 2.4.12 Yes
Application rpm rpm 2.5 Yes
Application rpm rpm 2.5.1 Yes
Application rpm rpm 2.5.2 Yes
Application rpm rpm 2.5.3 Yes
Application rpm rpm 2.5.4 Yes
Application rpm rpm 2.5.5 Yes
Application rpm rpm 2.5.6 Yes
Application rpm rpm 2.6.7 Yes
Application rpm rpm 3.0 Yes
Application rpm rpm 3.0.1 Yes
Application rpm rpm 3.0.2 Yes
Application rpm rpm 3.0.3 Yes
Application rpm rpm 3.0.4 Yes
Application rpm rpm 3.0.5 Yes
Application rpm rpm 3.0.6 Yes
Application rpm rpm 4.0. Yes
Application rpm rpm 4.0.1 Yes
Application rpm rpm 4.0.2 Yes
Application rpm rpm 4.0.3 Yes
Application rpm rpm 4.0.4 Yes
Application rpm rpm 4.1 Yes
Application rpm rpm 4.3.3 Yes
Application rpm rpm 4.4.2. Yes
Application rpm rpm 4.4.2.1 Yes
Application rpm rpm 4.4.2.2 Yes
References