CVE-2004-2768

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2004-2768

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2004-2768.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2004-2768

Downstream

DEBIAN-CVE-2004-2768

Published

2010-06-08T18:30:07Z

Modified

2026-04-10T03:36:47.979951Z

Summary

[none]

Details

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.

References

http://lists.jammed.com/ISN/2003/12/0056.html
http://www.hackinglinuxexposed.com/articles/20031214.html
https://bugzilla.redhat.com/show_bug.cgi?id=598775
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692
https://exchange.xforce.ibmcloud.com/vulnerabilities/59428

CVE-2004-2768

Affected packages