Source: ubuntucve (Ubuntu.com), ID: UB:CVE-2010-2197
Date: Jun 08, 2010 - 12:00 a.m.

CVE-2010-2197


CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.003 Low (Percentile: 65.8%)

rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of
spec files, which allows user-assisted remote attackers to remove home
directories via vectors involving a ;~ (semicolon tilde) sequence in a Name
tag.

Notes

Author: mdeslaur
Note: rpm spec files can also trivially remove home directories. This isn’t an issue worth fixing since it is assumed source rpms are verified before being used, either by using a signed package from a trusted source, or by carefully auditing the spec file. Downgrading to “negligible” and ignoring.
