- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-201206-26
(RPM: Multiple vulnerabilities)
Multiple vulnerabilities have been found in RPM:
- fsm.c fails to properly strip setuid and setgid bits from executable
  files during a package upgrade (CVE-2010-2059).
- RPM does not properly parse spec files (CVE-2010-2197).
- fsm.c fails to properly strip POSIX file capabilities from executable
  files during a package upgrade or removal (CVE-2010-2198).
- fsm.c fails to properly strip POSIX ACLs from executable files during
  a package upgrade or removal (CVE-2010-2199).
- header.c does not properly parse region offsets in package files
  (CVE-2011-3378).
- RPM does not properly sanitize region tags in package headers
  (CVE-2012-0060).
- RPM does not properly sanitize region sizes in package headers
  (CVE-2012-0061).
- RPM does not properly sanitize region offsets in package
  headers (CVE-2012-0815).
Impact :
A local attacker may be able to gain elevated privileges. Furthermore, a
remote attacker could entice a user to open a specially crafted RPM
package, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |