RPM Package Update and Removal File Attribute Security Bypass Vulnerabilities

Bugtraq ID: 40512
Class: Access Validation Error
CVE: CVE-2010-2059
CVE-2010-2198
CVE-2005-4889
Remote: No
Local: Yes
Published: Jun 02 2010 12:00AM
Updated: Apr 13 2015 09:43PM
Credit: Matt McCutchen
Vulnerable: VMWare ESX Server 4.1
VMWare ESX Server 4.0
SuSE SUSE Linux Enterprise 11 SP1
SuSE SUSE Linux Enterprise 11
SuSE SUSE Linux Enterprise 10 SP3
S.u.S.E. openSUSE 11.2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
RPM RPM Package Manager 4.8
RPM RPM Package Manager 4.1
Redhat Enterprise Linux WS 5
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux EUS 5.4.z server
Redhat Enterprise Linux EUS 5.3.z server
Redhat Enterprise Linux EUS 5.2.z server
Redhat Enterprise Linux EUS 5.1.z server
Redhat Enterprise Linux ES 5
Redhat Enterprise Linux ES 4.9.z
Redhat Enterprise Linux ES 4.8.z
Redhat Enterprise Linux ES 4.7.z
Redhat Enterprise Linux ES 4.6.z
Redhat Enterprise Linux ES 4.5.z
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux AS 5.3
Redhat Enterprise Linux AS 4.8.z
Redhat Enterprise Linux AS 4.7.z
Redhat Enterprise Linux AS 4.6.z
Redhat Enterprise Linux AS 4.5.z
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux Desktop version 4
Redhat Enterprise Linux 5.4.Z Server
Redhat Enterprise Linux 5.4 beta
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5.4
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5.3.z server
Redhat Enterprise Linux 5.2.z server
Redhat Enterprise Linux 5.1
Redhat Enterprise Linux 5 Server
Redhat Desktop 4.0
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Proactive Contact 4.2
Avaya Messaging Storage Server 5.2
Avaya Messaging Storage Server 5.1
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Avaya Message Networking 5.2
Avaya Message Networking 3.1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0
Avaya IQ 5.1
Avaya IQ 5
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.0
Avaya Aura SIP Enablement Services 5.2.1
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura SIP Enablement Services 3.1
Avaya Aura SIP Enablement Services 5.2
Avaya Aura SIP Enablement Services 5.1
Avaya Aura SIP Enablement Services 5.0
Avaya Aura SIP Enablement Services 4.0
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2 SP2
Avaya Aura Session Manager 5.2 SP1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Presence Services 6.0
Avaya Aura Conferencing 6.0
Avaya Aura Communication Manager 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager 5.2
Avaya Aura Communication Manager 5.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager 4.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 4.2.3
Avaya Aura Application Enablement Services 4.2.2
Avaya Aura Application Enablement Services 4.2.1
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 4.2
Not Vulnerable: VMWare ESX Server 4.0 ESX400-201103406


 

Privacy Statement
Copyright 2010, SecurityFocus