cbcvebase.
CVE-2004-2768
published 2010-06-08

CVE-2004-2768: dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain…

PriorityP425high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.41%
32.8th percentile
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiandpkg< dpkg 1.10.19 (bookworm)dpkg 1.10.19 (bookworm)
debiandpkg
debiandpkg>= 0 < 1.10.191.10.19
debiandpkg>= 0 < 1.10.191.10.19
debiandpkg>= 0 < 1.10.191.10.19
debiandpkg>= 0 < 1.10.191.10.19

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.