Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2199

Опубликовано: 08 июн. 2010
Источник: nvd
CVSS2: 7.2
EPSS Низкий

Описание

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.2\/a:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.4.2.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
Версия до 4.8.0 (включая)
cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00046
Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2010-2199

ubuntu
больше 15 лет назад

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

redhat логотип

CVE-2010-2199

redhat
больше 15 лет назад

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

debian логотип

CVE-2010-2199

debian
больше 15 лет назад

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadat ...

github логотип

GHSA-7v29-vf8p-2rvp

github
больше 3 лет назад

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

fstec логотип

BDU:2015-09653

fstec
больше 13 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 14%
0.00046
Низкий

7.2 High

CVSS2

Дефекты

CWE-264