Bug 335880 (CVE-2010-2059) - <app-arch/rpm-4.9.1.2: multiple vulnerabilities (CVE-2010-{2059,2197,2198,2199})
Summary: <app-arch/rpm-4.9.1.2: multiple vulnerabilities (CVE-2010-{2059,2197,2198,2199})
Status: RESOLVED FIXED
Alias: CVE-2010-2059
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://distrib-coffee.ipsl.jussieu.fr...
Whiteboard: B1 [glsa]
Keywords:
Depends on: CVE-2011-3378
Blocks:
Reported: 2010-09-03 21:09 UTC by Stefan Behte (RETIRED)
Modified: 2012-06-24 23:08 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:09:47 UTC
CVE-2010-2059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2059):
  lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and
  RPM before 4.4.3, does not properly reset the metadata of an
  executable file during replacement of the file in an RPM package
  upgrade, which might allow local users to gain privileges by creating
  a hard link to a vulnerable (1) setuid or (2) setgid file.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:48:36 UTC
CVE-2010-2197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2197):
  rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax
  of spec files, which allows user-assisted remote attackers to remove
  home directories via vectors involving a ;~ (semicolon tilde)
  sequence in a Name tag.

CVE-2010-2198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2198):
  lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the
  metadata of an executable file during replacement of the file in an
  RPM package upgrade or deletion of the file in an RPM package
  removal, which might allow local users to gain privileges or bypass
  intended access restrictions by creating a hard link to a vulnerable
  file that has (1) POSIX file capabilities or (2) SELinux context
  information, a related issue to CVE-2010-2059.

CVE-2010-2199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2199):
  lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the
  metadata of an executable file during replacement of the file in an
  RPM package upgrade or deletion of the file in an RPM package
  removal, which might allow local users to bypass intended access
  restrictions by creating a hard link to a vulnerable file that has a
  POSIX ACL, a related issue to CVE-2010-2059.
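
The mechanism in the CVE-2010-2059 text, as an added illustration that is not code from RPM or from this bug report: a second hard link to a setuid file keeps the old inode and its mode bits alive after the packaged path is replaced, unless the old inode's metadata is reset first. The helper names, the temporary-directory layout and the file contents are constructed for the example, and the bit-stripping step shows the idea of resetting metadata, not RPM's actual patch.

```python
import os
import stat
import tempfile

PRIV_BITS = stat.S_ISUID | stat.S_ISGID

def write_file(path, mode, data):
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)  # explicit chmod after writing, independent of umask

def replace_file(path, mode, data, strip_old):
    """Replace path the way an upgrade does: new inode, then rename over it.
    With strip_old, setuid/setgid are cleared on the OLD inode first, so every
    other hard link to that inode loses the bits as well."""
    st = os.lstat(path)
    if strip_old and stat.S_ISREG(st.st_mode) and st.st_mode & PRIV_BITS:
        os.chmod(path, stat.S_IMODE(st.st_mode) & 0o777)
    write_file(path + ".new", mode, data)
    os.rename(path + ".new", path)

def audit(root):
    """Pre-upgrade check: setuid/setgid regular files with extra hard links."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if stat.S_ISREG(st.st_mode) and st.st_mode & PRIV_BITS and st.st_nlink > 1:
                hits.append(os.path.relpath(p, root))
    return sorted(hits)

def scenario(strip_old):
    """Constructed layout in a temp dir; returns (audit hits before the
    upgrade, privilege bits left on the stale link after it)."""
    with tempfile.TemporaryDirectory() as d:
        tool, stale = os.path.join(d, "tool"), os.path.join(d, "stale")
        write_file(tool, 0o4755, b"old build\n")
        os.link(tool, stale)          # second name for the same inode
        before = audit(d)
        replace_file(tool, 0o4755, b"new build\n", strip_old)
        return before, os.stat(stale).st_mode & PRIV_BITS

if __name__ == "__main__":
    print("metadata left alone:", scenario(False))
    print("metadata reset:     ", scenario(True))
```

The `audit` walk only finds the extra link while the original file is still in place; once the path has been renamed over, the stale name has a link count of 1 and has to be found by its mode bits alone.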

Comment 2 SpanKY gentoo-dev 2010-09-04 19:01:53 UTC
What does any of this have to do with rpm2targz? All of the code quoted comes from app-arch/rpm.
Comment 3 Jeff Johnson 2010-09-09 16:15:06 UTC
tracked at https://bugs.launchpad.net/rpm/+bug/634183

Yes, these are all RPM CVEs (and more specifically rpm.org RPM).
Comment 4 Stanislav Ochotnicky (RETIRED) gentoo-dev 2010-09-24 20:12:30 UTC
Fixed by updating 4.8.0 to 4.8.1. From my understanding of those CVEs, other versions in the tree should not be affected. Thanks for reporting the bugs.
Comment 5 Stanislav Ochotnicky (RETIRED) gentoo-dev 2010-09-24 20:13:55 UTC
Sorry, reopening for security@ to deal with closing
Comment 6 Sean Amoss gentoo-dev Security 2012-03-27 21:24:47 UTC
Added to GLSA request with 384967, ready for review.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 23:08:36 UTC
This issue was resolved and addressed in
 GLSA 201206-26 at http://security.gentoo.org/glsa/glsa-201206-26.xml
by GLSA coordinator Sean Amoss (ackle).