CVE-2010-2199
First published: Tue Jun 01 2010(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2010-2199">CVE-2010-2199</a> to the following vulnerability: Name: <a href="https://access.redhat.com/security/cve/CVE-2010-2199">CVE-2010-2199</a> URL: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2199">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2199</a> Assigned: 20100608 Reference: CONFIRM: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED UPSTREAM - CVE-2005-4889 rpm: Updates leave hardlinked copies untouched." href="show_bug.cgi?id=125517">https://bugzilla.redhat.com/show_bug.cgi?id=125517</a> lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to <a href="https://access.redhat.com/security/cve/CVE-2010-2059">CVE-2010-2059</a>. See <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2010-2059 rpm: fails to drop SUID/SGID bits on package upgrade" href="show_bug.cgi?id=598775">bug #598775</a> for an initial description and comments of this issue. Because different CVE names were assigned for different, yet related, issues, a separate bug has been filed for this particular issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rpm Rpm | =2.3.5 | |
| Rpm Rpm | =4.4.2.1 | |
| Rpm Rpm | =1.4.3 | |
| Rpm Rpm | =3.0.1 | |
| Rpm Rpm | =4.1 | |
| Rpm Rpm | =2.2.3.11 | |
| Rpm Rpm | =2.4.4 | |
| Rpm Rpm | =2.3.8 | |
| Rpm Rpm | =2.0.6 | |
| Rpm Rpm | =1.4.4 | |
| Rpm Rpm | =4.4.2 | |
| Rpm Rpm | =1.4.2\/a | |
| Rpm Rpm | =2.4.1 | |
| Rpm Rpm | =2.4.9 | |
| Rpm Rpm | =2.6.7 | |
| Rpm Rpm | =2..4.10 | |
| Rpm Rpm | =1.4 | |
| Rpm Rpm | =2.0.10 | |
| Rpm Rpm | =2.4.5 | |
| Rpm Rpm | =4.0.1 | |
| Rpm Rpm | =2.2.11 | |
| Rpm Rpm | =4.0.4 | |
| Rpm Rpm | =2.2.1 | |
| Rpm Rpm | =2.0.1 | |
| Rpm Rpm | =1.4.2 | |
| Rpm Rpm | =3.0.3 | |
| Rpm Rpm | =2.0.7 | |
| Rpm Rpm | =4.0.2 | |
| Rpm Rpm | =2.2.8 | |
| Rpm Rpm | =3.0.2 | |
| Rpm Rpm | =1.2 | |
| Rpm Rpm | =4.0. | |
| Rpm Rpm | =2.1.1 | |
| Rpm Rpm | =4.3.3 | |
| Rpm Rpm | =2.5.5 | |
| Rpm Rpm | =2.0.8 | |
| Rpm Rpm | =2.3 | |
| Rpm Rpm | =4.4.2.2 | |
| Rpm Rpm | =2.4.8 | |
| Rpm Rpm | =3.0.4 | |
| Rpm Rpm | =2.5.6 | |
| Rpm Rpm | =2.0 | |
| Rpm Rpm | =2.0.2 | |
| Rpm Rpm | =2.3.2 | |
| Rpm Rpm | =2.4.3 | |
| Rpm Rpm | =2.4.2 | |
| Rpm Rpm | =1.4.5 | |
| Rpm Rpm | =2.0.11 | |
| Rpm Rpm | =3.0.5 | |
| Rpm Rpm | =1.3 | |
| Rpm Rpm | =2.2.3 | |
| Rpm Rpm | =2.2 | |
| Rpm Rpm | =2.1.2 | |
| Rpm Rpm | =2.3.9 | |
| Rpm Rpm | =2.2.4 | |
| Rpm Rpm | =2.2.9 | |
| Rpm Rpm | =2.5.3 | |
| Rpm Rpm | =2.2.6 | |
| Rpm Rpm | =2.3.6 | |
| Rpm Rpm | =2.5 | |
| Rpm Rpm | =2.2.3.10 | |
| Rpm Rpm | =2.0.5 | |
| Rpm Rpm | =4.4.2.3 | |
| Rpm Rpm | =2.4.12 | |
| Rpm Rpm | =2.5.4 | |
| Rpm Rpm | =1.4.7 | |
| Rpm Rpm | =3.0 | |
| Rpm Rpm | =1.4.6 | |
| Rpm Rpm | =2.5.2 | |
| Rpm Rpm | =2.4.11 | |
| Rpm Rpm | =2.0.9 | |
| Rpm Rpm | =2.1 | |
| Rpm Rpm | =2.2.10 | |
| Rpm Rpm | =2.3.3 | |
| Rpm Rpm | =2.3.7 | |
| Rpm Rpm | =2.3.4 | |
| Rpm Rpm | =2.0.4 | |
| Rpm Rpm | =1.3.1 | |
| Rpm Rpm | =3.0.6 | |
| Rpm Rpm | =2.0.3 | |
| Rpm Rpm | =2.3.1 | |
| Rpm Rpm | =4.0.3 | |
| Rpm Rpm | =2.4.6 | |
| Rpm Rpm | =2.5.1 | |
| Rpm Rpm | =2.2.5 | |
| Rpm Rpm | =2.2.2 | |
| Rpm Rpm | =2.2.7 | |
| Rpm Rpm | =4.6.0 | |
| Rpm Rpm | <=4.8.0 | |
| Rpm Rpm | =4.7.2 | |
| Rpm Rpm | =4.7.0 | |
| Rpm Rpm | =4.6.1 | |
| Rpm Rpm | =4.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=125517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59416
- https://www.cve.org/CVERecord?id=CVE-2010-2199 https://nvd.nist.gov/vuln/detail/CVE-2010-2199
- https://bugzilla.redhat.com/show_bug.cgi?id=601956
- https://access.redhat.com/security/cve/CVE-2010-2199
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2199
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=125517
- https://access.redhat.com/security/cve/CVE-2010-2059
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=598775
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=125517#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=589775#c25
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=589775#c0
- http://www.hackinglinuxexposed.com/articles/20031111.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=598775#c16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c20
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=601956#c22
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=603244
- collector/nvd-historical
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2010-2199
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/rpm
- canonical/rpm rpm
- version/rpm rpm/2.3.5
- version/rpm rpm/4.4.2.1
- version/rpm rpm/1.4.3
- version/rpm rpm/3.0.1
- version/rpm rpm/4.1
- version/rpm rpm/2.2.3.11
- version/rpm rpm/2.4.4
- version/rpm rpm/2.3.8
- version/rpm rpm/2.0.6
- version/rpm rpm/1.4.4
- version/rpm rpm/4.4.2
- version/rpm rpm/1.4.2\/a
- version/rpm rpm/2.4.1
- version/rpm rpm/2.4.9
- version/rpm rpm/2.6.7
- version/rpm rpm/2..4.10
- version/rpm rpm/1.4
- version/rpm rpm/2.0.10
- version/rpm rpm/2.4.5
- version/rpm rpm/4.0.1
- version/rpm rpm/2.2.11
- version/rpm rpm/4.0.4
- version/rpm rpm/2.2.1
- version/rpm rpm/2.0.1
- version/rpm rpm/1.4.2
- version/rpm rpm/3.0.3
- version/rpm rpm/2.0.7
- version/rpm rpm/4.0.2
- version/rpm rpm/2.2.8
- version/rpm rpm/3.0.2
- version/rpm rpm/1.2
- version/rpm rpm/4.0.
- version/rpm rpm/2.1.1
- version/rpm rpm/4.3.3
- version/rpm rpm/2.5.5
- version/rpm rpm/2.0.8
- version/rpm rpm/2.3
- version/rpm rpm/4.4.2.2
- version/rpm rpm/2.4.8
- version/rpm rpm/3.0.4
- version/rpm rpm/2.5.6
- version/rpm rpm/2.0
- version/rpm rpm/2.0.2
- version/rpm rpm/2.3.2
- version/rpm rpm/2.4.3
- version/rpm rpm/2.4.2
- version/rpm rpm/1.4.5
- version/rpm rpm/2.0.11
- version/rpm rpm/3.0.5
- version/rpm rpm/1.3
- version/rpm rpm/2.2.3
- version/rpm rpm/2.2
- version/rpm rpm/2.1.2
- version/rpm rpm/2.3.9
- version/rpm rpm/2.2.4
- version/rpm rpm/2.2.9
- version/rpm rpm/2.5.3
- version/rpm rpm/2.2.6
- version/rpm rpm/2.3.6
- version/rpm rpm/2.5
- version/rpm rpm/2.2.3.10
- version/rpm rpm/2.0.5
- version/rpm rpm/4.4.2.3
- version/rpm rpm/2.4.12
- version/rpm rpm/2.5.4
- version/rpm rpm/1.4.7
- version/rpm rpm/3.0
- version/rpm rpm/1.4.6
- version/rpm rpm/2.5.2
- version/rpm rpm/2.4.11
- version/rpm rpm/2.0.9
- version/rpm rpm/2.1
- version/rpm rpm/2.2.10
- version/rpm rpm/2.3.3
- version/rpm rpm/2.3.7
- version/rpm rpm/2.3.4
- version/rpm rpm/2.0.4
- version/rpm rpm/1.3.1
- version/rpm rpm/3.0.6
- version/rpm rpm/2.0.3
- version/rpm rpm/2.3.1
- version/rpm rpm/4.0.3
- version/rpm rpm/2.4.6
- version/rpm rpm/2.5.1
- version/rpm rpm/2.2.5
- version/rpm rpm/2.2.2
- version/rpm rpm/2.2.7
- version/rpm rpm/4.6.0
- version/rpm rpm/4.8.0
- version/rpm rpm/4.7.2
- version/rpm rpm/4.7.0
- version/rpm rpm/4.6.1
- version/rpm rpm/4.7.1