Launchpad.net

CVE 2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Related bugs and status

CVE-2010-2059 (Candidate) is related to these bugs:

Bug #530023: rpm -qpi spews errors about about indexes

Summary				In	Importance	Status
	530023	rpm -qpi spews errors about about indexes		rpm (Ubuntu)	Undecided	Fix Released
	530023	rpm -qpi spews errors about about indexes		rpm (Debian)	Unknown	Fix Released

Bug #542115: "rpmdb: Program version 4.8 doesn't match environment version 4.7" during 9.10 -> 10.04

Summary				In	Importance	Status
	542115	"rpmdb: Program version 4.8 doesn't match environment version 4.7" during 9.10 -> 10.04		rpm (Ubuntu)	High	Fix Released

Bug #574647: RPM on x86_64 is configured for i386 (4.7.2-1lbuild1)

Summary				In	Importance	Status
	574647	RPM on x86_64 is configured for i386 (4.7.2-1lbuild1)		rpm (Ubuntu)	Undecided	Fix Released

Bug #601298: Please sync rpm 4.8.1-5 (main) from Debian unstable (main).

Summary				In	Importance	Status
	601298	Please sync rpm 4.8.1-5 (main) from Debian unstable (main).		rpm (Ubuntu)	Wishlist	Fix Released

Bug #634183: app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})

		In	Importance	Status
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	RPM	Low	In Progress
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Gentoo Linux	High	Confirmed
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Mandriva	Medium	Unknown
634183	app-arch/rpm2targz: multiple vulnerabilites (CVE-2010-{2059,2197,2198,2199})	Fedora	Medium	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2059

Related bugs and status

Related bugs

References