CVE-2004-2768

Published: 6/8/2010 Last updated: 8/8/2024 Reserved: 6/8/2010

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-dpkg

Products affected (1)

Product	Vendor	Version
n/a	n/a	< ec275bf9693d19cc0fdce8436f4c425ced86f6e7

References (20)

https://exchange.xforce.ibmcloud.com/vulnerabilities/59428
http://www.hackinglinuxexposed.com/articles/20031214.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692
http://lists.jammed.com/ISN/2003/12/0056.html
https://bugzilla.redhat.com/show_bug.cgi?id=598775
https://exchange.xforce.ibmcloud.com/vulnerabilities/59428
http://www.hackinglinuxexposed.com/articles/20031214.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692
http://lists.jammed.com/ISN/2003/12/0056.html
https://bugzilla.redhat.com/show_bug.cgi?id=598775
https://bugzilla.redhat.com/show_bug.cgi?id=598775
https://exchange.xforce.ibmcloud.com/vulnerabilities/59428
http://www.hackinglinuxexposed.com/articles/20031214.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692
http://lists.jammed.com/ISN/2003/12/0056.html
https://bugzilla.redhat.com/show_bug.cgi?id=598775
https://exchange.xforce.ibmcloud.com/vulnerabilities/59428
http://www.hackinglinuxexposed.com/articles/20031214.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692
http://lists.jammed.com/ISN/2003/12/0056.html