CVE-2005-4889

EPSS 0.05%
Published 08.06.2010 18:30:09
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Rpm ≫ Rpm Version <= 4.4.2.3

Rpm ≫ Rpm Version1.2

Rpm ≫ Rpm Version1.3

Rpm ≫ Rpm Version1.3.1

Rpm ≫ Rpm Version1.4

Rpm ≫ Rpm Version1.4.2

Rpm ≫ Rpm Version1.4.3

Rpm ≫ Rpm Version1.4.4

Rpm ≫ Rpm Version1.4.5

Rpm ≫ Rpm Version1.4.6

Rpm ≫ Rpm Version1.4.7

Rpm ≫ Rpm Version2..4.10

Rpm ≫ Rpm Version2.0

Rpm ≫ Rpm Version2.0.1

Rpm ≫ Rpm Version2.0.2

Rpm ≫ Rpm Version2.0.3

Rpm ≫ Rpm Version2.0.4

Rpm ≫ Rpm Version2.0.5

Rpm ≫ Rpm Version2.0.6

Rpm ≫ Rpm Version2.0.7

Rpm ≫ Rpm Version2.0.8

Rpm ≫ Rpm Version2.0.9

Rpm ≫ Rpm Version2.0.10

Rpm ≫ Rpm Version2.0.11

Rpm ≫ Rpm Version2.1

Rpm ≫ Rpm Version2.1.1

Rpm ≫ Rpm Version2.1.2

Rpm ≫ Rpm Version2.2

Rpm ≫ Rpm Version2.2.1

Rpm ≫ Rpm Version2.2.2

Rpm ≫ Rpm Version2.2.3

Rpm ≫ Rpm Version2.2.3.10

Rpm ≫ Rpm Version2.2.3.11

Rpm ≫ Rpm Version2.2.4

Rpm ≫ Rpm Version2.2.5

Rpm ≫ Rpm Version2.2.6

Rpm ≫ Rpm Version2.2.7

Rpm ≫ Rpm Version2.2.8

Rpm ≫ Rpm Version2.2.9

Rpm ≫ Rpm Version2.2.10

Rpm ≫ Rpm Version2.2.11

Rpm ≫ Rpm Version2.3

Rpm ≫ Rpm Version2.3.1

Rpm ≫ Rpm Version2.3.2

Rpm ≫ Rpm Version2.3.3

Rpm ≫ Rpm Version2.3.4

Rpm ≫ Rpm Version2.3.5

Rpm ≫ Rpm Version2.3.6

Rpm ≫ Rpm Version2.3.7

Rpm ≫ Rpm Version2.3.8

Rpm ≫ Rpm Version2.3.9

Rpm ≫ Rpm Version2.4.1

Rpm ≫ Rpm Version2.4.2

Rpm ≫ Rpm Version2.4.3

Rpm ≫ Rpm Version2.4.4

Rpm ≫ Rpm Version2.4.5

Rpm ≫ Rpm Version2.4.6

Rpm ≫ Rpm Version2.4.8

Rpm ≫ Rpm Version2.4.9

Rpm ≫ Rpm Version2.4.11

Rpm ≫ Rpm Version2.4.12

Rpm ≫ Rpm Version2.5

Rpm ≫ Rpm Version2.5.1

Rpm ≫ Rpm Version2.5.2

Rpm ≫ Rpm Version2.5.3

Rpm ≫ Rpm Version2.5.4

Rpm ≫ Rpm Version2.5.5

Rpm ≫ Rpm Version2.5.6

Rpm ≫ Rpm Version2.6.7

Rpm ≫ Rpm Version3.0

Rpm ≫ Rpm Version3.0.1

Rpm ≫ Rpm Version3.0.2

Rpm ≫ Rpm Version3.0.3

Rpm ≫ Rpm Version3.0.4

Rpm ≫ Rpm Version3.0.5

Rpm ≫ Rpm Version3.0.6

Rpm ≫ Rpm Version4.0.

Rpm ≫ Rpm Version4.0.1

Rpm ≫ Rpm Version4.0.2

Rpm ≫ Rpm Version4.0.3

Rpm ≫ Rpm Version4.0.4

Rpm ≫ Rpm Version4.1

Rpm ≫ Rpm Version4.3.3

Rpm ≫ Rpm Version4.4.2.

Rpm ≫ Rpm Version4.4.2.1

Rpm ≫ Rpm Version4.4.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.113

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://bugzilla.redhat.com/show_bug.cgi?id=598775

http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2010:180

https://bugzilla.redhat.com/show_bug.cgi?id=125517

https://exchange.xforce.ibmcloud.com/vulnerabilities/59426

https://nvd.nist.gov/vuln/detail/CVE-2005-4889

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4889

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4889

EUVD