Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2768

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2768
Last Modified 18 Jun 2010 12:24:45
Published 08 Jun 2010 02:30:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2768

Summary

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

Vulnerable Systems

Application

  • Debian Dpkg 1.9.21


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=598775

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692

XF - dpkg-setgid-privilege-escalation(59428)

MISC - http://www.hackinglinuxexposed.com/articles/20031214.html

MLIST - [isn] 20031215 The mysteriously persistently exploitable program explained.


Last Updated: 27 May 2016 10:39:37