Уязвимость CVE-2010-2059: Информация

Описание

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Важность: HIGH (7,2)

URL: https://nvd.nist.gov/vuln/detail/CVE-2010-2059

Опубликовано: 8 июня 2010 г.

Изменено: 13 февраля 2023 г.

Идентификатор типа ошибки: CWE-264

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
debugedit	sisyphus	5.0.0.2.ae27-alt1	5.0.0.27.6dd2-alt1	ALT-PU-2021-2518-1	282787	Исправлено
debugedit	sisyphus_riscv64	5.0.0.19.5bad-alt1	5.0.0.27.6dd2-alt1	ALT-PU-2023-3317-1	-	Исправлено
debugedit	p10	5.0.0.2.ae27-alt1	5.0.0.2.ae27-alt1	ALT-PU-2021-2600-1	283595	Исправлено
debugedit	c10f1	5.0.0.2.ae27-alt1	5.0.0.2.ae27-alt1	ALT-PU-2021-2600-1	283595	Исправлено
rpm	sisyphus	4.13.0-alt2	4.13.0.1-alt40	ALT-PU-2016-2427-1	169196	Исправлено
rpm	p10	4.13.0-alt2	4.13.0.1-alt34	ALT-PU-2016-2427-1	169196	Исправлено
rpm	p9	4.13.0-alt2	4.13.0.1-alt24	ALT-PU-2016-2427-1	169196	Исправлено
rpm	c10f1	4.13.0-alt2	4.13.0.1-alt34	ALT-PU-2016-2427-1	169196	Исправлено
rpm	c9f2	4.13.0-alt2	4.13.0.1-alt24	ALT-PU-2016-2427-1	169196	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
40028	Vendor Advisory
[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
https://bugzilla.redhat.com/show_bug.cgi?id=125517
[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz	Patch
[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
https://bugzilla.redhat.com/show_bug.cgi?id=598775
65143
[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
SUSE-SR:2010:014
MDVSA-2010:180
SUSE-SR:2010:017
RHSA-2010:0679
[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
ADV-2011-0606
20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
  End including
  4.4.2.3
  cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*
  
  Конфигурация 2
  cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*

Версия: v24.5.1

Наверх

Уязвимость CVE-2010-2059: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2