CVE-2005-4889
rpm: fails to drop SUID/SGID bits on package removal
Severity Score: 7.2 (CVSS v2)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
*Credits:
N/A
Timeline
- 2010-06-08 CVE Reserved
- 2010-06-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (7)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=125517 | X_refsource_confirm | |
https://bugzilla.redhat.com/show_bug.cgi?id=598775 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/59426 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz | 2017-08-17 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 | 2017-08-17 | |
https://access.redhat.com/security/cve/CVE-2005-4889 | 2010-09-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=625756 | 2010-09-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rpm | Rpm | <= 4.4.2.3 | - | Affected |
Rpm | Rpm | 1.2 | - | Affected |
Rpm | Rpm | 1.3 | - | Affected |
Rpm | Rpm | 1.3.1 | - | Affected |
Rpm | Rpm | 1.4 | - | Affected |
Rpm | Rpm | 1.4.2 | - | Affected |
Rpm | Rpm | 1.4.2/a | - | Affected |
Rpm | Rpm | 1.4.3 | - | Affected |
Rpm | Rpm | 1.4.4 | - | Affected |
Rpm | Rpm | 1.4.5 | - | Affected |
Rpm | Rpm | 1.4.6 | - | Affected |
Rpm | Rpm | 1.4.7 | - | Affected |
Rpm | Rpm | 2..4.10 | - | Affected |
Rpm | Rpm | 2.0 | - | Affected |
Rpm | Rpm | 2.0.1 | - | Affected |
Rpm | Rpm | 2.0.2 | - | Affected |
Rpm | Rpm | 2.0.3 | - | Affected |
Rpm | Rpm | 2.0.4 | - | Affected |
Rpm | Rpm | 2.0.5 | - | Affected |
Rpm | Rpm | 2.0.6 | - | Affected |
Rpm | Rpm | 2.0.7 | - | Affected |
Rpm | Rpm | 2.0.8 | - | Affected |
Rpm | Rpm | 2.0.9 | - | Affected |
Rpm | Rpm | 2.0.10 | - | Affected |
Rpm | Rpm | 2.0.11 | - | Affected |
Rpm | Rpm | 2.1 | - | Affected |
Rpm | Rpm | 2.1.1 | - | Affected |
Rpm | Rpm | 2.1.2 | - | Affected |
Rpm | Rpm | 2.2 | - | Affected |
Rpm | Rpm | 2.2.1 | - | Affected |
Rpm | Rpm | 2.2.2 | - | Affected |
Rpm | Rpm | 2.2.3 | - | Affected |
Rpm | Rpm | 2.2.3.10 | - | Affected |
Rpm | Rpm | 2.2.3.11 | - | Affected |
Rpm | Rpm | 2.2.4 | - | Affected |
Rpm | Rpm | 2.2.5 | - | Affected |
Rpm | Rpm | 2.2.6 | - | Affected |
Rpm | Rpm | 2.2.7 | - | Affected |
Rpm | Rpm | 2.2.8 | - | Affected |
Rpm | Rpm | 2.2.9 | - | Affected |
Rpm | Rpm | 2.2.10 | - | Affected |
Rpm | Rpm | 2.2.11 | - | Affected |
Rpm | Rpm | 2.3 | - | Affected |
Rpm | Rpm | 2.3.1 | - | Affected |
Rpm | Rpm | 2.3.2 | - | Affected |
Rpm | Rpm | 2.3.3 | - | Affected |
Rpm | Rpm | 2.3.4 | - | Affected |
Rpm | Rpm | 2.3.5 | - | Affected |
Rpm | Rpm | 2.3.6 | - | Affected |
Rpm | Rpm | 2.3.7 | - | Affected |
Rpm | Rpm | 2.3.8 | - | Affected |
Rpm | Rpm | 2.3.9 | - | Affected |
Rpm | Rpm | 2.4.1 | - | Affected |
Rpm | Rpm | 2.4.2 | - | Affected |
Rpm | Rpm | 2.4.3 | - | Affected |
Rpm | Rpm | 2.4.4 | - | Affected |
Rpm | Rpm | 2.4.5 | - | Affected |
Rpm | Rpm | 2.4.6 | - | Affected |
Rpm | Rpm | 2.4.8 | - | Affected |
Rpm | Rpm | 2.4.9 | - | Affected |
Rpm | Rpm | 2.4.11 | - | Affected |
Rpm | Rpm | 2.4.12 | - | Affected |
Rpm | Rpm | 2.5 | - | Affected |
Rpm | Rpm | 2.5.1 | - | Affected |
Rpm | Rpm | 2.5.2 | - | Affected |
Rpm | Rpm | 2.5.3 | - | Affected |
Rpm | Rpm | 2.5.4 | - | Affected |
Rpm | Rpm | 2.5.5 | - | Affected |
Rpm | Rpm | 2.5.6 | - | Affected |
Rpm | Rpm | 2.6.7 | - | Affected |
Rpm | Rpm | 3.0 | - | Affected |
Rpm | Rpm | 3.0.1 | - | Affected |
Rpm | Rpm | 3.0.2 | - | Affected |
Rpm | Rpm | 3.0.3 | - | Affected |
Rpm | Rpm | 3.0.4 | - | Affected |
Rpm | Rpm | 3.0.5 | - | Affected |
Rpm | Rpm | 3.0.6 | - | Affected |
Rpm | Rpm | 4.0. | - | Affected |
Rpm | Rpm | 4.0.1 | - | Affected |
Rpm | Rpm | 4.0.2 | - | Affected |
Rpm | Rpm | 4.0.3 | - | Affected |
Rpm | Rpm | 4.0.4 | - | Affected |
Rpm | Rpm | 4.1 | - | Affected |
Rpm | Rpm | 4.3.3 | - | Affected |
Rpm | Rpm | 4.4.2. | - | Affected |
Rpm | Rpm | 4.4.2.1 | - | Affected |
Rpm | Rpm | 4.4.2.2 | - | Affected |