Vulnerability CVE-2005-4889: Information

Description

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Severity: HIGH (7.2)

Fixed packages

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*

      End including

      4.4.2.3

      ---

      cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.4.2.:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*

      ---