CVE-2010-2059 Information

Description

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions and RPM before 4.4.3 does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

Reference

http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://marc.info/?l=oss-security&m=127559059928131&w=2 http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383 http://secunia.com/advisories/40028 http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 http://www.openwall.com/lists/oss-security/2010/06/02/2 http://www.openwall.com/lists/oss-security/2010/06/02/3 http://www.openwall.com/lists/oss-security/2010/06/03/5 http://www.openwall.com/lists/oss-security/2010/06/04/1 http://www.osvdb.org/65143 http://www.redhat.com/support/errata/RHSA-2010-0679.html http://www.securityfocus.com/archive/1/516909/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0004.html http://www.vupen.com/english/advisories/2011/0606 https://bugzilla.redhat.com/show_bug.cgi?id=125517 https://bugzilla.redhat.com/show_bug.cgi?id=598775