7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
rpm is vulnerable to privilege escalation. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded by a system administrator. This could have security implications if a package was upgraded because of a security flaw in a setuid or setgid program.
CPE | Name | Operator | Version |
---|---|---|---|
rpm | eq | 4.4.2.3__18.el5 | |
rpm | eq | 4.4.2.3__9.el5 | |
rpm | eq | 4.4.2.3__18.el5 | |
rpm | eq | 4.4.2.3__9.el5 |
distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
lists.vmware.com/pipermail/security-announce/2011/000126.html
marc.info/?l=oss-security&m=127559059928131&w=2
rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383
rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383
secunia.com/advisories/40028
www.mandriva.com/security/advisories?name=MDVSA-2010:180
www.openwall.com/lists/oss-security/2010/06/02/2
www.openwall.com/lists/oss-security/2010/06/02/3
www.openwall.com/lists/oss-security/2010/06/03/5
www.openwall.com/lists/oss-security/2010/06/04/1
www.osvdb.org/65143
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0679.html
www.securityfocus.com/archive/1/516909/100/0/threaded
www.vmware.com/security/advisories/VMSA-2011-0004.html
www.vupen.com/english/advisories/2011/0606
access.redhat.com/errata/RHSA-2010:0679
bugzilla.redhat.com/show_bug.cgi?id=125517
bugzilla.redhat.com/show_bug.cgi?id=598775