CVE-2010-2198

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-2198

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-2198.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2010-2198

Downstream

DEBIAN-CVE-2010-2198

ECHO-96ed-6e2a-ba42

Published

2010-06-08T18:30:10Z

Modified

2025-09-16T05:55:06.830896Z

Summary

[none]

Details

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

References

Affected packages

Debian:11 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.1.2+dfsg1-3

4.17.0+dfsg1-1

4.17.0+dfsg1-2

4.17.0+dfsg1-3

4.17.0+dfsg1-4

4.17.1.1+dfsg-1

4.18.0+dfsg-1

4.18.2+dfsg-1

4.18.2+dfsg-1.1~exp1

4.18.2+dfsg-2

4.18.2+dfsg-2.1~exp1

4.18.2+dfsg-2.1

4.19.1.1+dfsg-1~exp

4.19.1.1+dfsg-1

4.20.0+dfsg-1

4.20.0+dfsg-2

4.20.0+dfsg-3

4.20.0+dfsg-4

4.20.1+dfsg-1

4.20.1+dfsg-2

4.20.1+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.18.0+dfsg-1

4.18.0+dfsg-1+deb12u1

4.18.2+dfsg-1

4.18.2+dfsg-1.1~exp1

4.18.2+dfsg-2

4.18.2+dfsg-2.1~exp1

4.18.2+dfsg-2.1

4.19.1.1+dfsg-1~exp

4.19.1.1+dfsg-1

4.20.0+dfsg-1

4.20.0+dfsg-2

4.20.0+dfsg-3

4.20.0+dfsg-4

4.20.1+dfsg-1

4.20.1+dfsg-2

4.20.1+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.20.1+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / rpm

Package

Name: rpm
Purl: pkg:deb/debian/rpm?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.20.1+dfsg-3

Ecosystem specific

{
    "urgency": "unimportant"
}