First published: Wed Jun 02 2010
Created attachment 418879: SRPM for testing this bug

Description of problem:
When RPM replaces an executable, it does not clear the setuid and setgid bits of the old file. Thus, if a user made a hard link to the old executable, he/she will still be able to run it with elevated privileges. This is bad if it was replaced because it had a vulnerability. The problem seems to occur only when executables are replaced, not when they are erased.

This is the same bug that was previously noted in dpkg: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692

Version-Release number of selected component (if applicable):
rpm-4.8.0-14.fc13.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Rebuild the attached SRPM twice, once with -D 'rel 1' and once with -D 'rel 2'.
2. mkdir /tmp/rpm-setuid-test
3. rpm -i rpm-setuid-test-0-1.fc13.$(rpm -E '%{_build_arch}').rpm
4. ln /usr/bin/rpm-setuid-test /tmp/rpm-setuid-test/
5. rpm -U rpm-setuid-test-0-2.fc13.$(rpm -E '%{_build_arch}').rpm
6. ls -l /tmp/rpm-setuid-test/rpm-setuid-test

Actual results:
The old executable is setuid.

Expected results:
The old executable is not setuid.
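The mechanism behind the report, as an added shell example that is not part of the bug report or of RPM's own code: mode bits live on the inode, so renaming a new file over the old path leaves every remaining hard link to the old inode setuid, whereas clearing the bits on the old inode before the rename strips them from all links at once. The function names (`has_suid_sgid`, `naive_replace`, `safe_replace`, `find_suid_in`) are assumptions for this example, and it assumes GNU `find` on Linux for `-perm /6000`.

```shell
#!/bin/sh
# Added example (not from the bug report or from RPM): safe replacement of a
# setuid executable so that hard links to the old file lose their privilege,
# plus a simple audit for setuid files in trees where none should exist.

# Returns 0 if FILE has the setuid or setgid bit set (GNU find -perm /mode).
has_suid_sgid() {
    find "$1" -maxdepth 0 -type f -perm /6000 | grep -q .
}

# Naive replacement (the behaviour the report describes): rename the new
# file over the old path. The old inode, and every hard link to it, keeps
# its mode bits, so a link made earlier is still setuid.
naive_replace() {
    mv -f "$2" "$1"
}

# Safe replacement: strip setuid/setgid from the old inode first. The
# change applies to all hard links of that inode; only then rename the new
# file into place, so no window exists in which a privileged stale copy
# survives the upgrade.
safe_replace() {
    old=$1
    new=$2
    if [ -e "$old" ]; then
        chmod u-s,g-s "$old"
    fi
    mv -f "$new" "$old"
}

# Audit: list setuid/setgid regular files under DIR. Run over user-writable
# trees such as /tmp or home directories (where the report's stale link was
# created) to spot leftover privileged copies after an upgrade.
find_suid_in() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null
}
```

A post-upgrade audit with `find_suid_in /tmp` (or over `/home`) lists stale privileged copies that a plain package upgrade left behind; the `chmod` in `safe_replace` is the one-line change that removes the need for such a hunt.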
Affected Software | Affected Version | How to fix |
---|---|---|
RPM Package Manager | | |
The severity level of REDHAT-BUG-598775 is currently classified based on its potential impact on the RPM Package Manager.
No fix for REDHAT-BUG-598775 is described on this page; the source RPM attached to the bug report is a test case for reproducing the problem, not a remedy.
REDHAT-BUG-598775 affects systems using the RPM Package Manager.
There are no official workarounds for REDHAT-BUG-598775; users should monitor for updates from Red Hat.
More information about REDHAT-BUG-598775 can be found in the official Red Hat Bugzilla reports.