Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Published

2010-06-08T18:30:10.037

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application rpm rpm ≤ 4.4.2.3 Yes
Application rpm rpm 1.2 Yes
Application rpm rpm 1.3 Yes
Application rpm rpm 1.3.1 Yes
Application rpm rpm 1.4 Yes
Application rpm rpm 1.4.2 Yes
Application rpm rpm 1.4.2\/a Yes
Application rpm rpm 1.4.3 Yes
Application rpm rpm 1.4.4 Yes
Application rpm rpm 1.4.5 Yes
Application rpm rpm 1.4.6 Yes
Application rpm rpm 1.4.7 Yes
Application rpm rpm 2..4.10 Yes
Application rpm rpm 2.0 Yes
Application rpm rpm 2.0.1 Yes
Application rpm rpm 2.0.2 Yes
Application rpm rpm 2.0.3 Yes
Application rpm rpm 2.0.4 Yes
Application rpm rpm 2.0.5 Yes
Application rpm rpm 2.0.6 Yes
Application rpm rpm 2.0.7 Yes
Application rpm rpm 2.0.8 Yes
Application rpm rpm 2.0.9 Yes
Application rpm rpm 2.0.10 Yes
Application rpm rpm 2.0.11 Yes
Application rpm rpm 2.1 Yes
Application rpm rpm 2.1.1 Yes
Application rpm rpm 2.1.2 Yes
Application rpm rpm 2.2 Yes
Application rpm rpm 2.2.1 Yes
Application rpm rpm 2.2.2 Yes
Application rpm rpm 2.2.3 Yes
Application rpm rpm 2.2.3.10 Yes
Application rpm rpm 2.2.3.11 Yes
Application rpm rpm 2.2.4 Yes
Application rpm rpm 2.2.5 Yes
Application rpm rpm 2.2.6 Yes
Application rpm rpm 2.2.7 Yes
Application rpm rpm 2.2.8 Yes
Application rpm rpm 2.2.9 Yes
Application rpm rpm 2.2.10 Yes
Application rpm rpm 2.2.11 Yes
Application rpm rpm 2.3 Yes
Application rpm rpm 2.3.1 Yes
Application rpm rpm 2.3.2 Yes
Application rpm rpm 2.3.3 Yes
Application rpm rpm 2.3.4 Yes
Application rpm rpm 2.3.5 Yes
Application rpm rpm 2.3.6 Yes
Application rpm rpm 2.3.7 Yes
Application rpm rpm 2.3.8 Yes
Application rpm rpm 2.3.9 Yes
Application rpm rpm 2.4.1 Yes
Application rpm rpm 2.4.2 Yes
Application rpm rpm 2.4.3 Yes
Application rpm rpm 2.4.4 Yes
Application rpm rpm 2.4.5 Yes
Application rpm rpm 2.4.6 Yes
Application rpm rpm 2.4.8 Yes
Application rpm rpm 2.4.9 Yes
Application rpm rpm 2.4.11 Yes
Application rpm rpm 2.4.12 Yes
Application rpm rpm 2.5 Yes
Application rpm rpm 2.5.1 Yes
Application rpm rpm 2.5.2 Yes
Application rpm rpm 2.5.3 Yes
Application rpm rpm 2.5.4 Yes
Application rpm rpm 2.5.5 Yes
Application rpm rpm 2.5.6 Yes
Application rpm rpm 2.6.7 Yes
Application rpm rpm 3.0 Yes
Application rpm rpm 3.0.1 Yes
Application rpm rpm 3.0.2 Yes
Application rpm rpm 3.0.3 Yes
Application rpm rpm 3.0.4 Yes
Application rpm rpm 3.0.5 Yes
Application rpm rpm 3.0.6 Yes
Application rpm rpm 4.0. Yes
Application rpm rpm 4.0.1 Yes
Application rpm rpm 4.0.2 Yes
Application rpm rpm 4.0.3 Yes
Application rpm rpm 4.0.4 Yes
Application rpm rpm 4.1 Yes
Application rpm rpm 4.3.3 Yes
Application rpm rpm 4.4.2 Yes
Application rpm rpm 4.4.2.1 Yes
Application rpm rpm 4.4.2.2 Yes
Application rpm rpm 4.6.0 Yes
Application rpm rpm 4.6.1 Yes
Application rpm rpm 4.7.0 Yes
Application rpm rpm 4.7.1 Yes
Application rpm rpm 4.7.2 Yes
Application rpm rpm 4.8.0 Yes
References