Privilege Escalation Vulnerability in dpkg by Debian
CVE-2004-2768

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg
Vendor: CVE Published:; 8 June 2010

Summary

The dpkg version 1.9.21 contains a flaw that inadequately resets file metadata during the upgrade process. This imperfection can be exploited by local users to gain elevated privileges. By creating hard links to exploitable setuid, setgid files, or devices, attackers may leverage this vulnerability to potentially execute malicious actions with higher access rights than intended. This situation points to a significant security risk that must be addressed to ensure system integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/59428

vdb-entryx_refsource_XF

http://www.hackinglinuxexposed.com/articles/20031214.html

x_refsource_MISC

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
Jun 8, 2010