VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2005-4889

rpm: lib/fsm.c in RPM before 4.4.3 does not properly res...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4889

Original

lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-08

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-09

Affected Product Tags

cpe:/a:rpm:rpm:1.2

cpe:/a:rpm:rpm:1.3

cpe:/a:rpm:rpm:1.3.1

cpe:/a:rpm:rpm:1.4

cpe:/a:rpm:rpm:1.4.2

cpe:/a:rpm:rpm:1.4.2%2Fa

cpe:/a:rpm:rpm:1.4.3

cpe:/a:rpm:rpm:1.4.4

cpe:/a:rpm:rpm:1.4.5

cpe:/a:rpm:rpm:1.4.6

cpe:/a:rpm:rpm:1.4.7

cpe:/a:rpm:rpm:2..4.10

cpe:/a:rpm:rpm:2.0

cpe:/a:rpm:rpm:2.0.1

cpe:/a:rpm:rpm:2.0.10

cpe:/a:rpm:rpm:2.0.11

cpe:/a:rpm:rpm:2.0.2

cpe:/a:rpm:rpm:2.0.3

cpe:/a:rpm:rpm:2.0.4

cpe:/a:rpm:rpm:2.0.5

cpe:/a:rpm:rpm:2.0.6

cpe:/a:rpm:rpm:2.0.7

cpe:/a:rpm:rpm:2.0.8

cpe:/a:rpm:rpm:2.0.9

cpe:/a:rpm:rpm:2.1

cpe:/a:rpm:rpm:2.1.1

cpe:/a:rpm:rpm:2.1.2

cpe:/a:rpm:rpm:2.2

cpe:/a:rpm:rpm:2.2.1

cpe:/a:rpm:rpm:2.2.10

cpe:/a:rpm:rpm:2.2.11

cpe:/a:rpm:rpm:2.2.2

cpe:/a:rpm:rpm:2.2.3

cpe:/a:rpm:rpm:2.2.3.10

cpe:/a:rpm:rpm:2.2.3.11

cpe:/a:rpm:rpm:2.2.4

cpe:/a:rpm:rpm:2.2.5

cpe:/a:rpm:rpm:2.2.6

cpe:/a:rpm:rpm:2.2.7

cpe:/a:rpm:rpm:2.2.8

cpe:/a:rpm:rpm:2.2.9

cpe:/a:rpm:rpm:2.3

cpe:/a:rpm:rpm:2.3.1

cpe:/a:rpm:rpm:2.3.2

cpe:/a:rpm:rpm:2.3.3

cpe:/a:rpm:rpm:2.3.4

cpe:/a:rpm:rpm:2.3.5

cpe:/a:rpm:rpm:2.3.6

cpe:/a:rpm:rpm:2.3.7

cpe:/a:rpm:rpm:2.3.8

cpe:/a:rpm:rpm:2.3.9

cpe:/a:rpm:rpm:2.4.1

cpe:/a:rpm:rpm:2.4.11

cpe:/a:rpm:rpm:2.4.12

cpe:/a:rpm:rpm:2.4.2

cpe:/a:rpm:rpm:2.4.3

cpe:/a:rpm:rpm:2.4.4

cpe:/a:rpm:rpm:2.4.5

cpe:/a:rpm:rpm:2.4.6

cpe:/a:rpm:rpm:2.4.8

cpe:/a:rpm:rpm:2.4.9

cpe:/a:rpm:rpm:2.5

cpe:/a:rpm:rpm:2.5.1

cpe:/a:rpm:rpm:2.5.2

cpe:/a:rpm:rpm:2.5.3

cpe:/a:rpm:rpm:2.5.4

cpe:/a:rpm:rpm:2.5.5

cpe:/a:rpm:rpm:2.5.6

cpe:/a:rpm:rpm:2.6.7

cpe:/a:rpm:rpm:3.0

cpe:/a:rpm:rpm:3.0.1

cpe:/a:rpm:rpm:3.0.2

cpe:/a:rpm:rpm:3.0.3

cpe:/a:rpm:rpm:3.0.4

cpe:/a:rpm:rpm:3.0.5

cpe:/a:rpm:rpm:3.0.6

cpe:/a:rpm:rpm:4.0.

cpe:/a:rpm:rpm:4.0.1

cpe:/a:rpm:rpm:4.0.2

cpe:/a:rpm:rpm:4.0.3

cpe:/a:rpm:rpm:4.0.4

cpe:/a:rpm:rpm:4.1

cpe:/a:rpm:rpm:4.3.3

cpe:/a:rpm:rpm:4.4.2.

cpe:/a:rpm:rpm:4.4.2.1

cpe:/a:rpm:rpm:4.4.2.2

cpe:/a:rpm:rpm:4.4.2.3 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=598775

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=125517

CONFIRM http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)