CVE-2010-2197

Name of the Vulnerable Software and Affected Versions RPM versions prior to 4.9.1.3

Description The issue concerns multiple vulnerabilities in the RPM package of Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, in versions prior to 4.8.0, the rpmbuild function does not correctly parse spec file syntax. This allows remote attackers, with user assistance, to delete home directories by exploiting a ;~ (semicolon tilde) sequence in a Name tag.

Recommendations For versions prior to 4.9.1.3, update to version 4.9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the rpmbuild function until a patch is available. Avoid using the ;~ sequence in Name tags of spec files to minimize the risk of exploitation.