Scientific Linux Security Update : rpm on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

It was discovered that RPM did not remove setuid and setgid bits set
on binaries when upgrading or removing packages. A local attacker able
to create hard links to binaries could use this flaw to keep those
binaries on the system, at a specific version level and with the
setuid or setgid bit set, even if the package providing them was
upgraded or removed by a system administrator. This could have
security implications if a package was upgraded or removed because of
a security flaw in a setuid or setgid program. (CVE-2005-4889,

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60851 ()

Bugtraq ID:

CVE ID: CVE-2005-4889