Vulnerability Description
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rpm | Rpm | <= 4.4.2.3 |
Related Weaknesses (CWE)
References
- http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.Patch
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
- https://bugzilla.redhat.com/show_bug.cgi?id=125517
- https://bugzilla.redhat.com/show_bug.cgi?id=598775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59426
- http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.Patch
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
- https://bugzilla.redhat.com/show_bug.cgi?id=125517
- https://bugzilla.redhat.com/show_bug.cgi?id=598775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59426
FAQ
What is CVE-2005-4889?
CVE-2005-4889 is a vulnerability with a CVSS score of 7.2 (HIGH). lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by crea...
How severe is CVE-2005-4889?
CVE-2005-4889 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4889?
Check the references section above for vendor advisories and patch information. Affected products include: Rpm Rpm.