CVE-2004-2768

CWE-264 | 5 documents | 5 sources
Severity: 7.2 HIGH
EPSS: 0.1% (top 80.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 8
Latest update: Apr 29

Description

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

Debian: dpkg < 1.10.19+3
NVD: debian/dpkg 1.9.21

🔴Vulnerability Details (3)

GHSA: GHSA-qrp8-65v4-pc63: dpkg 1 (2022-04-29)
OSV: CVE-2004-2768: dpkg 1 (2010-06-08)
CVEList: CVE-2004-2768: dpkg 1 (2010-06-08)

📋Vendor Advisories (1)

Debian: CVE-2004-2768: dpkg - dpkg 1.9.21 does not properly reset the metadata of a file during replacement of... (2004)
CVE-2004-2768 (HIGH CVSS 7.2) | dpkg 1.9.21 does not properly reset | cvebase.io