mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
153 lines
5.9 KiB
JSON
153 lines
5.9 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2010-2059",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2010/06/02/2"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2010/06/02/3"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://marc.info/?l=oss-security&m=127559059928131&w=2"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2010/06/03/5"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2010/06/04/1"
|
|
},
|
|
{
|
|
"name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
|
|
},
|
|
{
|
|
"name" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
|
|
},
|
|
{
|
|
"name" : "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383"
|
|
},
|
|
{
|
|
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
|
|
},
|
|
{
|
|
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
|
|
},
|
|
{
|
|
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
|
|
},
|
|
{
|
|
"name" : "MDVSA-2010:180",
|
|
"refsource" : "MANDRIVA",
|
|
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
|
|
},
|
|
{
|
|
"name" : "RHSA-2010:0679",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
|
|
},
|
|
{
|
|
"name" : "SUSE-SR:2010:014",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
|
|
},
|
|
{
|
|
"name" : "SUSE-SR:2010:017",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
|
|
},
|
|
{
|
|
"name" : "65143",
|
|
"refsource" : "OSVDB",
|
|
"url" : "http://www.osvdb.org/65143"
|
|
},
|
|
{
|
|
"name" : "40028",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/40028"
|
|
},
|
|
{
|
|
"name" : "ADV-2011-0606",
|
|
"refsource" : "VUPEN",
|
|
"url" : "http://www.vupen.com/english/advisories/2011/0606"
|
|
}
|
|
]
|
|
}
|
|
}
|