Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 02 Jun 2010 13:43:03 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>,
        oss-security <>
CC: Panu Matilainen <>, Jindrich Novy <>,
        Florian Festi <>,
        Matt McCutchen <>
Subject: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package
 upgrade (RH BZ#598775)

Hi Steve, vendors,

    Matt McCutchen pointed out a deficiency in the way rpm handled rpm package upgrades --
it failed to clear out the SUID/SGID bits of the old file by file replacement when privileged
user performed package upgrade. Under certain circumstances, a local, authenticated user could
use this flaw to escalate their privileges.

Red Hat Bugzilla entry:

Upstream changeset:

Could you allocate CVE id for this?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ