CVE-2005-4889

EPSS 0.05%
Veröffentlicht 08.06.2010 18:30:09
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rpm ≫ Rpm Version <= 4.4.2.3

Rpm ≫ Rpm Version1.2

Rpm ≫ Rpm Version1.3

Rpm ≫ Rpm Version1.3.1

Rpm ≫ Rpm Version1.4

Rpm ≫ Rpm Version1.4.2

Rpm ≫ Rpm Version1.4.3

Rpm ≫ Rpm Version1.4.4

Rpm ≫ Rpm Version1.4.5

Rpm ≫ Rpm Version1.4.6

Rpm ≫ Rpm Version1.4.7

Rpm ≫ Rpm Version2..4.10

Rpm ≫ Rpm Version2.0

Rpm ≫ Rpm Version2.0.1

Rpm ≫ Rpm Version2.0.2

Rpm ≫ Rpm Version2.0.3

Rpm ≫ Rpm Version2.0.4

Rpm ≫ Rpm Version2.0.5

Rpm ≫ Rpm Version2.0.6

Rpm ≫ Rpm Version2.0.7

Rpm ≫ Rpm Version2.0.8

Rpm ≫ Rpm Version2.0.9

Rpm ≫ Rpm Version2.0.10

Rpm ≫ Rpm Version2.0.11

Rpm ≫ Rpm Version2.1

Rpm ≫ Rpm Version2.1.1

Rpm ≫ Rpm Version2.1.2

Rpm ≫ Rpm Version2.2

Rpm ≫ Rpm Version2.2.1

Rpm ≫ Rpm Version2.2.2

Rpm ≫ Rpm Version2.2.3

Rpm ≫ Rpm Version2.2.3.10

Rpm ≫ Rpm Version2.2.3.11

Rpm ≫ Rpm Version2.2.4

Rpm ≫ Rpm Version2.2.5

Rpm ≫ Rpm Version2.2.6

Rpm ≫ Rpm Version2.2.7

Rpm ≫ Rpm Version2.2.8

Rpm ≫ Rpm Version2.2.9

Rpm ≫ Rpm Version2.2.10

Rpm ≫ Rpm Version2.2.11

Rpm ≫ Rpm Version2.3

Rpm ≫ Rpm Version2.3.1

Rpm ≫ Rpm Version2.3.2

Rpm ≫ Rpm Version2.3.3

Rpm ≫ Rpm Version2.3.4

Rpm ≫ Rpm Version2.3.5

Rpm ≫ Rpm Version2.3.6

Rpm ≫ Rpm Version2.3.7

Rpm ≫ Rpm Version2.3.8

Rpm ≫ Rpm Version2.3.9

Rpm ≫ Rpm Version2.4.1

Rpm ≫ Rpm Version2.4.2

Rpm ≫ Rpm Version2.4.3

Rpm ≫ Rpm Version2.4.4

Rpm ≫ Rpm Version2.4.5

Rpm ≫ Rpm Version2.4.6

Rpm ≫ Rpm Version2.4.8

Rpm ≫ Rpm Version2.4.9

Rpm ≫ Rpm Version2.4.11

Rpm ≫ Rpm Version2.4.12

Rpm ≫ Rpm Version2.5

Rpm ≫ Rpm Version2.5.1

Rpm ≫ Rpm Version2.5.2

Rpm ≫ Rpm Version2.5.3

Rpm ≫ Rpm Version2.5.4

Rpm ≫ Rpm Version2.5.5

Rpm ≫ Rpm Version2.5.6

Rpm ≫ Rpm Version2.6.7

Rpm ≫ Rpm Version3.0

Rpm ≫ Rpm Version3.0.1

Rpm ≫ Rpm Version3.0.2

Rpm ≫ Rpm Version3.0.3

Rpm ≫ Rpm Version3.0.4

Rpm ≫ Rpm Version3.0.5

Rpm ≫ Rpm Version3.0.6

Rpm ≫ Rpm Version4.0.

Rpm ≫ Rpm Version4.0.1

Rpm ≫ Rpm Version4.0.2

Rpm ≫ Rpm Version4.0.3

Rpm ≫ Rpm Version4.0.4

Rpm ≫ Rpm Version4.1

Rpm ≫ Rpm Version4.3.3

Rpm ≫ Rpm Version4.4.2.

Rpm ≫ Rpm Version4.4.2.1

Rpm ≫ Rpm Version4.4.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://bugzilla.redhat.com/show_bug.cgi?id=598775

http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2010:180

https://bugzilla.redhat.com/show_bug.cgi?id=125517

https://exchange.xforce.ibmcloud.com/vulnerabilities/59426

https://nvd.nist.gov/vuln/detail/CVE-2005-4889

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4889

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4889

EUVD