VDB
CVE-2010-2198
CVE-2010-2198
PUBLISHED
CVSS 7.199999809265137 HIGH
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
EPSS 0.04% · 13.0th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
0.04%
13.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| rpm | rpm | 1.3, 1.3.1, 1.4 |
Exploit Intelligence
- 40028 (circl)
- [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) (circl)
- 65144 (circl)
- http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=598775 (circl)
- [oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) (circl)
- [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) (circl)
- [oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) (circl)
Timeline
- Jun 8, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 40028 third-party-advisory
- [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) mailing-list
- 65144 vdb
- http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=4d172a194addc49851e558ea390d3045894e3230 url
- https://bugzilla.redhat.com/show_bug.cgi?id=598775 url
- [oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) mailing-list
- [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) mailing-list
- [oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2010-2198 advisory
- http://rpm.org/gitweb?p=rpm.git;a=commit;h=4d172a194addc49851e558ea390d3045894e3230 url