CVE-2017-7500

Published: Aug 13, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

Affected (3)

Products: Rpm: Rpm

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Rpm Rpm	From 4.13.0.0 to 4.13.0.2
Rpm Rpm	Version 4.14.0.0 rc1
Rpm Rpm	Version 4.14.0.0 rc2

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500

Source: secalert@redhat.com

Issue Tracking

https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9

Source: secalert@redhat.com

Third Party Advisory

https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.