CVE-2010-2059

Name of the Vulnerable Software and Affected Versions RPM versions prior to 4.9.1.3 RPM versions 4.8.0 and 4.7.x and 4.6.x RPM versions before 4.4.3

Description The issue affects the RPM package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. Local users might gain privileges by creating a hard link to a vulnerable setuid or setgid file due to improper resetting of executable file metadata during RPM package upgrades.

Recommendations For RPM versions prior to 4.9.1.3, update to version 4.9.1.3 or later to resolve the issue. For RPM versions 4.8.0 and 4.7.x and 4.6.x, update to a version that properly resets metadata during package upgrades. For RPM versions before 4.4.3, update to version 4.4.3 or later to address the vulnerability. As a temporary workaround, consider restricting access to setuid and setgid files to minimize the risk of exploitation.