CVE-2010-2199

EUVD-2010-2215
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
rpmrpm
1.2
rpmrpm
1.3
rpmrpm
1.3.1
rpmrpm
1.4
rpmrpm
1.4.2
rpmrpm
1.4.2\/a
rpmrpm
1.4.3
rpmrpm
1.4.4
rpmrpm
1.4.5
rpmrpm
1.4.6
rpmrpm
1.4.7
rpmrpm
2..4.10
rpmrpm
2.0
rpmrpm
2.0.1
rpmrpm
2.0.2
rpmrpm
2.0.3
rpmrpm
2.0.4
rpmrpm
2.0.5
rpmrpm
2.0.6
rpmrpm
2.0.7
rpmrpm
2.0.8
rpmrpm
2.0.9
rpmrpm
2.0.10
rpmrpm
2.0.11
rpmrpm
2.1
rpmrpm
2.1.1
rpmrpm
2.1.2
rpmrpm
2.2
rpmrpm
2.2.1
rpmrpm
2.2.2
rpmrpm
2.2.3
rpmrpm
2.2.3.10
rpmrpm
2.2.3.11
rpmrpm
2.2.4
rpmrpm
2.2.5
rpmrpm
2.2.6
rpmrpm
2.2.7
rpmrpm
2.2.8
rpmrpm
2.2.9
rpmrpm
2.2.10
rpmrpm
2.2.11
rpmrpm
2.3
rpmrpm
2.3.1
rpmrpm
2.3.2
rpmrpm
2.3.3
rpmrpm
2.3.4
rpmrpm
2.3.5
rpmrpm
2.3.6
rpmrpm
2.3.7
rpmrpm
2.3.8
rpmrpm
2.3.9
rpmrpm
2.4.1
rpmrpm
2.4.2
rpmrpm
2.4.3
rpmrpm
2.4.4
rpmrpm
2.4.5
rpmrpm
2.4.6
rpmrpm
2.4.8
rpmrpm
2.4.9
rpmrpm
2.4.11
rpmrpm
2.4.12
rpmrpm
2.5
rpmrpm
2.5.1
rpmrpm
2.5.2
rpmrpm
2.5.3
rpmrpm
2.5.4
rpmrpm
2.5.5
rpmrpm
2.5.6
rpmrpm
2.6.7
rpmrpm
3.0
rpmrpm
3.0.1
rpmrpm
3.0.2
rpmrpm
3.0.3
rpmrpm
3.0.4
rpmrpm
3.0.5
rpmrpm
3.0.6
rpmrpm
4.0.
rpmrpm
4.0.1
rpmrpm
4.0.2
rpmrpm
4.0.3
rpmrpm
4.0.4
rpmrpm
4.1
rpmrpm
4.3.3
rpmrpm
4.4.2
rpmrpm
4.4.2.1
rpmrpm
4.4.2.2
rpmrpm
4.4.2.3
rpmrpm
𝑥
≤ 4.8.0
rpmrpm
4.6.0
rpmrpm
4.6.1
rpmrpm
4.7.0
rpmrpm
4.7.1
rpmrpm
4.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rpm
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rpm
dapper
ignored
hardy
ignored
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=125517
https://exchange.xforce.ibmcloud.com/vulnerabilities/59416
https://bugzilla.redhat.com/show_bug.cgi?id=125517
https://exchange.xforce.ibmcloud.com/vulnerabilities/59416