CVE-2010-2199

HIGH

Description

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

References

https://bugzilla.redhat.com/show_bug.cgi?id=125517

https://exchange.xforce.ibmcloud.com/vulnerabilities/59416

Details

Source: MITRE

Published: 2010-06-08

Updated: 2017-08-17

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH