PT-2018-8391 · Rpm+2

Published 2017-10-30 · Updated 2024-06-15 · CVE-2017-7500

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

rpm (affected versions not specified)

Description

The issue is related to how rpm handles installations when a destination path is a symbolic link to a directory. This could lead to changes in ownership and permissions of an arbitrary directory, and RPM files could be placed in an arbitrary destination. An attacker with write access to a directory where a subdirectory will be installed could exploit this by redirecting the directory to an arbitrary location, potentially gaining root privilege.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following


Weakness Enumeration

Related Identifiers

CVE-2017-7500
ECHO-9CD3-7DC0-FCC1
MGASA-2017-0394
OPENSUSE-SU-2018_2215-1
OPENSUSE-SU-2018_3373-1
OPENSUSE-SU-2024:11305-1
SUSE-SU-2018:2073-1
SUSE-SU-2018:3286-1
SUSE-SU-2018:3884-1
SUSE-SU-2018:3884-2
SUSE-SU-2018_2073-1
SUSE-SU-2018_3286-1
SUSE-SU-2018_3884-1
SUSE-SU-2018_3884-2

Affected Products

Debian
Suse
Rpm