N/A

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.

N/A

N/A

RPM 'lib/fsm.c'权限提升和访问控制绕过漏洞

RPM软件包升级对文件进行替换时，RPM的lib/fsm.c无法重置可执行文件的元数据，本地用户可创建包含(1)POSIX文件功能或(2)SELinux上下文信息的易受攻击文件的硬链接，以获取权限或绕开访问控制。

N/A

N/A