Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2005-4889
Last Modified 17 Sep 2010 12:38:41
Published 08 Jun 2010 02:30:09
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4889

Summary

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Vulnerable Systems

Application

  • Rpm 1.2

  • Rpm 1.3

  • Rpm 1.3.1

  • Rpm 1.4

  • Rpm 1.4.2

  • Rpm 1.4.2/a

  • Rpm 1.4.3

  • Rpm 1.4.4

  • Rpm 1.4.5

  • Rpm 1.4.6

  • Rpm 1.4.7

  • Rpm 2..4.10

  • Rpm 2.0

  • Rpm 2.0.1

  • Rpm 2.0.10

  • Rpm 2.0.11

  • Rpm 2.0.2

  • Rpm 2.0.3

  • Rpm 2.0.4

  • Rpm 2.0.5

  • Rpm 2.0.6

  • Rpm 2.0.7

  • Rpm 2.0.8

  • Rpm 2.0.9

  • Rpm 2.1

  • Rpm 2.1.1

  • Rpm 2.1.2

  • Rpm 2.2

  • Rpm 2.2.1

  • Rpm 2.2.10

  • Rpm 2.2.11

  • Rpm 2.2.2

  • Rpm 2.2.3

  • Rpm 2.2.3.10

  • Rpm 2.2.3.11

  • Rpm 2.2.4

  • Rpm 2.2.5

  • Rpm 2.2.6

  • Rpm 2.2.7

  • Rpm 2.2.8

  • Rpm 2.2.9

  • Rpm 2.3

  • Rpm 2.3.1

  • Rpm 2.3.2

  • Rpm 2.3.3

  • Rpm 2.3.4

  • Rpm 2.3.5

  • Rpm 2.3.6

  • Rpm 2.3.7

  • Rpm 2.3.8

  • Rpm 2.3.9

  • Rpm 2.4.1

  • Rpm 2.4.11

  • Rpm 2.4.12

  • Rpm 2.4.2

  • Rpm 2.4.3

  • Rpm 2.4.4

  • Rpm 2.4.5

  • Rpm 2.4.6

  • Rpm 2.4.8

  • Rpm 2.4.9

  • Rpm 2.5

  • Rpm 2.5.1

  • Rpm 2.5.2

  • Rpm 2.5.3

  • Rpm 2.5.4

  • Rpm 2.5.5

  • Rpm 2.5.6

  • Rpm 2.6.7

  • Rpm 3.0

  • Rpm 3.0.1

  • Rpm 3.0.2

  • Rpm 3.0.3

  • Rpm 3.0.4

  • Rpm 3.0.5

  • Rpm 3.0.6

  • Rpm 4.0.

  • Rpm 4.0.1

  • Rpm 4.0.2

  • Rpm 4.0.3

  • Rpm 4.0.4

  • Rpm 4.1

  • Rpm 4.3.3

  • Rpm 4.4.2.

  • Rpm 4.4.2.1

  • Rpm 4.4.2.2

  • Rpm 4.4.2.3


References

CONFIRM - http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=598775

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=125517

XF - rpm-setgid-privilege-escalation(59426)

MANDRIVA - MDVSA-2010:180


Last Updated: 27 May 2016 10:41:28