CVE-2010-2198

Name of the Vulnerable Software and Affected Versions RPM versions 4.8.0 and earlier

Description The issue is related to the improper reset of metadata for executable files during RPM package upgrades or removals, potentially allowing local users to gain privileges or bypass access restrictions. This can be achieved by creating a hard link to a vulnerable file with POSIX file capabilities or SELinux context information.

Recommendations For RPM versions 4.8.0 and earlier, update to a version later than 4.8.0 to resolve the issue. As a temporary workaround, consider restricting access to files with POSIX file capabilities or SELinux context information to minimize the risk of exploitation.