oss-sec mailing list archives
CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 02 Jun 2010 13:43:03 +0200
Hi Steve, vendors, Matt McCutchen pointed out a deficiency in the way rpm handled rpm package upgrades -- it failed to clear out the SUID/SGID bits of the old file by file replacement when privileged user performed package upgrade. Under certain circumstances, a local, authenticated user could use this flaw to escalate their privileges. Red Hat Bugzilla entry: [1] https://bugzilla.redhat.com/show_bug.cgi?id=598775 Upstream changeset: [2] http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383 Could you allocate CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jan Lieskovsky (Jun 02)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jan Lieskovsky (Jun 02)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Josh Bressers (Jun 03)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Steven M. Christey (Jun 03)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Panu Matilainen (Jun 03)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Josh Bressers (Jun 03)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jan Lieskovsky (Jun 02)