vulnerability

Debian: CVE-2010-2199: rpm -- security update

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:C/A:N)
Published
May 15, 2025
Added
May 15, 2025
Modified
May 27, 2025

Description

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.

Solution

no-fix-debian-deb-package
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.