CVE-2010-2059

描述

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.

受影響套件(1)

• Debian/rpmfrom 0, < 4.8.1-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2059