CVE-2010-2059 (GCVE-0-2010-2059)

Vulnerability from cvelistv5 – Published: 2010-06-08 18:00 – Updated: 2024-08-07 02:17
VLAI?
Summary
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors… x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-06… vendor-advisoryx_refsource_REDHAT
http://lists.vmware.com/pipermail/security-announ… mailing-listx_refsource_MLIST
http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0606 vdb-entryx_refsource_VUPEN
http://www.osvdb.org/65143 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/archive/1/516909/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/40028 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=oss-security&m=127559059928131&w=2 mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.openwall.com/lists/oss-security/2010/06/02/2 mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=598775 x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/06/02/3 mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2010/06/03/5 mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2010/06/04/1 mailing-listx_refsource_MLIST
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=125517 x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
          },
          {
            "name": "RHSA-2010:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
          },
          {
            "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
          },
          {
            "name": "ADV-2011-0606",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0606"
          },
          {
            "name": "65143",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/65143"
          },
          {
            "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
          },
          {
            "name": "40028",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40028"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
          },
          {
            "name": "MDVSA-2010:180",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
          },
          {
            "name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
          },
          {
            "name": "SUSE-SR:2010:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
          },
          {
            "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
          },
          {
            "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
          },
          {
            "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
        },
        {
          "name": "RHSA-2010:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
        },
        {
          "name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383"
        },
        {
          "name": "ADV-2011-0606",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0606"
        },
        {
          "name": "65143",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/65143"
        },
        {
          "name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
        },
        {
          "name": "40028",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40028"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2"
        },
        {
          "name": "MDVSA-2010:180",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
        },
        {
          "name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
        },
        {
          "name": "SUSE-SR:2010:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
        },
        {
          "name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
        },
        {
          "name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
        },
        {
          "name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2059",
    "datePublished": "2010-06-08T18:00:00",
    "dateReserved": "2010-05-25T00:00:00",
    "dateUpdated": "2024-08-07T02:17:14.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2059\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-06-08T18:30:10.037\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.\"},{\"lang\":\"es\",\"value\":\"lib/fsm.c en RPM v4.8.0 y veriones sin especificar v4.7.x y v4.6.x, y RPM anterior a v4.4.3, no resetea adecuadamente los metadatos de un archivo ejecutable durante el reemplazo del archivo en una actualizaci\u00f3n del paquete RPM, lo que podr\u00eda permitir a usuarios locales obtener privilegios creando un enlace duro a un archivo vulnerable (1)setuid o (2) setgid.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.4.2.3\",\"matchCriteriaId\":\"368283A7-FAC3-460B-8A18-DEA1E5996915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76112E07-F476-41E5-9FF8-E85C28019BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E064D1B0-093D-4C62-89A0-481D261F9AE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D05B2BC3-41EB-4839-B3DC-AF8B567D0318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55B95097-EEA2-42A1-AA30-4AC519E67B1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"267ACF41-E8E2-4F9E-983A-E526DACFCE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.2\\\\/a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6429C42B-EBD6-4D93-AABB-AD268ADB72AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1372FF29-498C-41CB-AB2E-25CEC92866AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EFE8428-E00F-4E5F-8787-F63FEE93E617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE4E9CC7-1BD8-490B-9C9B-E4A76EFAD13D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFAB0B1A-A9E5-4808-85EC-0BD2A3F753AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D1E892-05D5-4C79-AD12-7B7C0421E509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2..4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E092A7C-7B5A-449C-B49D-96BB5A1E011E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CA6696D-D6CC-4C23-AB8F-91474BFC341E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B16D91A5-35F5-44F3-A515-8E4F27B563D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08974D05-C00C-438C-A76F-E17C191D0CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81771BF8-0788-44B5-8694-AFF436FDECD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93BF53E9-CC37-4E31-9F34-2B569947887F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2D79478-665E-4D18-AAA6-BA51C41A4C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A59FF59-BD73-4C13-AC51-98126ED46573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C83F0D-159B-4CFB-92C6-83D36225080A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B7A4BC0-43DF-4542-A54F-BF8B07F30B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B926B035-659A-4F86-B680-CD1A6163F2D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98BC57C-69AD-40F6-885B-3A560F69809F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71499D02-8989-4AA0-80FB-28860F103EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B424D987-8421-4FE5-B9F7-0D4AB7AC921B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F58F12D-301C-4C4D-8F78-0B6A7B220B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A30CF4-508D-407B-A097-30331AF9D452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E49FB5B-5BFA-4736-8F2C-C07188D0BC00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"883AE5CC-379E-41A7-A8B5-12671015F131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B8D8FEA-89A2-4133-89D7-FD403D605E4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDA2319-4C36-44A5-A1F2-E0F1EFC1DE23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11322F8-93B7-457C-8993-B0A8D3274468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADD35E28-313C-4CF7-AEC0-1C91316FF5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B591779-643B-4E2E-9270-40748EDA1BA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3C91C9-CFDC-4C51-B6AF-51F1560161A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9D67C30-F0CA-410B-8C3A-EA5536BC256E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80DB9D55-9BC2-416C-9A2A-021F4EC0E884\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B48E845-573C-4F07-8D69-F1A54CCEEDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9642BA0F-CBBD-4FB5-8A20-BBCAD7EC31CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C9FE2D-197A-45EB-BE40-B746B13F2C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07E462F-2163-430B-9315-75BFD00113C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F650FC0-1DF8-4432-92F5-4B4DCEFC2D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"347BC012-5307-4B0F-A013-624ED455ABD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ED89DCC-0EFF-4665-BDE0-406155A46BDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EEB6C44-B615-46F8-A5DC-BEF25D932314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979D846B-9DD9-474A-A8BE-25334D2969B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF5DE17-2061-4896-B7DA-CFDEF46E9652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB528B71-8BF5-4D93-A1BC-DF0502AEA58F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0585DC0B-DFBB-466E-9D3D-86E19A4B88A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041B087D-4FBC-4EDC-AAC0-DF8A1D39980A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE4FB33B-5015-4620-BD21-3F0C916069EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"684E9118-30B2-476C-816E-CA4B2916017B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF46B23-559C-4DF0-8510-C79F17ABF22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD40A202-557B-495C-BBE5-DEC9FF97EE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F3DB711-AE17-4B3B-9D45-C38CBDF418A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2E6A8E-4C9B-46A1-B786-6C0B3A3395F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D049089-7FBD-41A6-8A5B-8497DA24C720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DEBEDF-3E64-4417-BC41-7F0E20C522F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF99B53-237E-468B-8B7F-A105FE40803B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5D5F196-4BA9-43EB-BE38-EE405C8CC0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66C4022C-F1D4-4A58-8341-E22EAF943511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5503DC6-40DB-4A84-984E-BDEED82F224A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90148D48-5DA5-46F9-AE96-618C427A5DA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733E1435-CE73-4A39-97EB-304D2F45A838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA80DA6E-CCE3-4CAF-B2A1-E6FF2B702D3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D08FD930-F2BC-47BC-86BC-07545D1431B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97DE028F-D0BE-435C-826D-CCBFFEBF3B31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08EB15D-1842-41F4-9F19-FF6571055242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43CF2BBF-83AA-451E-8E30-E040EFCF6F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"409B29B1-E2E0-4CBD-83D0-F4CE67820F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D325D4A-166A-4174-BEA8-1C6D47A8DDBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AEBBD1-2320-42A3-8DCA-46DF61007349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E54C09F8-F0F5-4BDF-868F-0B6A4609B3E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132C1B54-0438-4239-B599-8160D494EE26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E5CCEAC-3D92-46DB-AC88-859ED5A5E277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED68CE6A-2BF5-49F2-AEAE-199AAC94807B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.0.:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C589CD4-5A9E-41E1-BBFA-AF4BE2DD31E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E406BD-8CC3-4929-ABB2-F820F8C83823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8685704C-C43D-4315-A541-4E04B7B08B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C1D452-A003-4DB1-A8CF-0F7FBB9A5811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4F8C79E-416F-4C88-B102-3BB60E969FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F47849F-4466-4500-802C-260970D6A764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C190DE39-ABEF-4DA1-A909-B9E98BD5A468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E5263C-1695-4932-9C20-297067B38F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77BB52FC-E320-47CD-A180-C22371D7AFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A746D6-4C15-49BD-B17C-2CA06FFA76D8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEBBBEE-CE1D-4F4B-B0F7-428814B791BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"055D95AA-3797-437E-88FD-764D807B5E2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7164A1F5-EE8E-46C6-8E9E-D267CF5936ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62495EC6-B5DB-4AB2-840C-98AC4CE34990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A87B2FBC-567D-4A1F-AA9C-5DA68C1AA4FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCD5EE9-2D1F-4042-B53A-C5BA24265709\"}]}]}],\"references\":[{\"url\":\"http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2011/000126.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40028\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:180\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/02/2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/02/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/03/5\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/04/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/65143\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0679.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/516909/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0606\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=125517\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=598775\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2011/000126.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=127559059928131\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/02/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/03/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/06/04/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/65143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0679.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516909/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=125517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=598775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.