CVE-2004-2768
EPSS 0.06%
Description
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
How to fix CVE-2004-2768
To remediate CVE-2004-2768, upgrade the affected package to a fixed version below.
- Debian/dpkg—upgrade to 1.10.19 or later
Is CVE-2004-2768 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.10.19