7.2

CVE-2010-2059

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RpmRpm Version <= 4.4.2.3
RpmRpm Version1.2
RpmRpm Version1.3
RpmRpm Version1.3.1
RpmRpm Version1.4
RpmRpm Version1.4.2
RpmRpm Version1.4.3
RpmRpm Version1.4.4
RpmRpm Version1.4.5
RpmRpm Version1.4.6
RpmRpm Version1.4.7
RpmRpm Version2..4.10
RpmRpm Version2.0
RpmRpm Version2.0.1
RpmRpm Version2.0.2
RpmRpm Version2.0.3
RpmRpm Version2.0.4
RpmRpm Version2.0.5
RpmRpm Version2.0.6
RpmRpm Version2.0.7
RpmRpm Version2.0.8
RpmRpm Version2.0.9
RpmRpm Version2.0.10
RpmRpm Version2.0.11
RpmRpm Version2.1
RpmRpm Version2.1.1
RpmRpm Version2.1.2
RpmRpm Version2.2
RpmRpm Version2.2.1
RpmRpm Version2.2.2
RpmRpm Version2.2.3
RpmRpm Version2.2.3.10
RpmRpm Version2.2.3.11
RpmRpm Version2.2.4
RpmRpm Version2.2.5
RpmRpm Version2.2.6
RpmRpm Version2.2.7
RpmRpm Version2.2.8
RpmRpm Version2.2.9
RpmRpm Version2.2.10
RpmRpm Version2.2.11
RpmRpm Version2.3
RpmRpm Version2.3.1
RpmRpm Version2.3.2
RpmRpm Version2.3.3
RpmRpm Version2.3.4
RpmRpm Version2.3.5
RpmRpm Version2.3.6
RpmRpm Version2.3.7
RpmRpm Version2.3.8
RpmRpm Version2.3.9
RpmRpm Version2.4.1
RpmRpm Version2.4.2
RpmRpm Version2.4.3
RpmRpm Version2.4.4
RpmRpm Version2.4.5
RpmRpm Version2.4.6
RpmRpm Version2.4.8
RpmRpm Version2.4.9
RpmRpm Version2.4.11
RpmRpm Version2.4.12
RpmRpm Version2.5
RpmRpm Version2.5.1
RpmRpm Version2.5.2
RpmRpm Version2.5.3
RpmRpm Version2.5.4
RpmRpm Version2.5.5
RpmRpm Version2.5.6
RpmRpm Version2.6.7
RpmRpm Version3.0
RpmRpm Version3.0.1
RpmRpm Version3.0.2
RpmRpm Version3.0.3
RpmRpm Version3.0.4
RpmRpm Version3.0.5
RpmRpm Version3.0.6
RpmRpm Version4.0.
RpmRpm Version4.0.1
RpmRpm Version4.0.2
RpmRpm Version4.0.3
RpmRpm Version4.0.4
RpmRpm Version4.1
RpmRpm Version4.3.3
RpmRpm Version4.4.2
RpmRpm Version4.4.2.1
RpmRpm Version4.4.2.2
RpmRpm Version4.6.0
RpmRpm Version4.6.1
RpmRpm Version4.7.0
RpmRpm Version4.7.1
RpmRpm Version4.7.2
RpmRpm Version4.8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C