CVE-2010-2059 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-2059 Interim 1 12 2023-02-15T02:38:33Z current 2021-05-30T12:51:54Z 2023-02-15T02:38:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-2059 lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html E-Mail link for SUSE-SR:2010:014 https://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html E-Mail link for SUSE-SR:2010:017 https://lists.opensuse.org/opensuse-updates/2010-07/msg00037.html E-Mail link for openSUSE-SU-2010:0428-1 https://lists.opensuse.org/opensuse-updates/2010-09/msg00027.html E-Mail link for openSUSE-SU-2010:0627-1 https://lists.opensuse.org/opensuse-updates/2010-09/msg00028.html E-Mail link for openSUSE-SU-2010:0629-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 popt-1.7-37.18.1 popt-1.7-37.25.1 popt-32bit-1.7-37.18.1 popt-32bit-1.7-37.25.1 popt-x86-1.7-37.18.1 rpm-32bit-4.4.2.3-37.18.1 rpm-32bit-4.4.2.3-37.25.1 rpm-4.4.2.3-37.18.1 rpm-4.4.2.3-37.25.1 rpm-python-4.4.2.3-37.29.35.1 rpm-x86-4.4.2.3-37.18.1 popt-1.7-37.18.1 as a component of SUSE Linux Enterprise Server 11 popt-32bit-1.7-37.18.1 as a component of SUSE Linux Enterprise Server 11 popt-x86-1.7-37.18.1 as a component of SUSE Linux Enterprise Server 11 rpm-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server 11 rpm-32bit-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server 11 rpm-x86-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server 11 popt-1.7-37.25.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA popt-32bit-1.7-37.25.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-4.4.2.3-37.25.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-32bit-4.4.2.3-37.25.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rpm-python-4.4.2.3-37.29.35.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA popt-1.7-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 popt-32bit-1.7-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 popt-x86-1.7-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 rpm-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 rpm-32bit-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 rpm-x86-4.4.2.3-37.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file. CVE-2010-2059 SUSE Linux Enterprise Server 11:popt-1.7-37.18.1 SUSE Linux Enterprise Server 11:popt-32bit-1.7-37.18.1 SUSE Linux Enterprise Server 11:popt-x86-1.7-37.18.1 SUSE Linux Enterprise Server 11:rpm-4.4.2.3-37.18.1 SUSE Linux Enterprise Server 11:rpm-32bit-4.4.2.3-37.18.1 SUSE Linux Enterprise Server 11:rpm-x86-4.4.2.3-37.18.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-1.7-37.25.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:popt-32bit-1.7-37.25.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-4.4.2.3-37.25.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-32bit-4.4.2.3-37.25.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:rpm-python-4.4.2.3-37.29.35.1 SUSE Linux Enterprise Server for SAP Applications 11:popt-1.7-37.18.1 SUSE Linux Enterprise Server for SAP Applications 11:popt-32bit-1.7-37.18.1 SUSE Linux Enterprise Server for SAP Applications 11:popt-x86-1.7-37.18.1 SUSE Linux Enterprise Server for SAP Applications 11:rpm-4.4.2.3-37.18.1 SUSE Linux Enterprise Server for SAP Applications 11:rpm-32bit-4.4.2.3-37.18.1 SUSE Linux Enterprise Server for SAP Applications 11:rpm-x86-4.4.2.3-37.18.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C