CVE-2017-7549

Published: Sep 21, 2017Modified: May 13, 2026

6.4

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Exploitability: 1.1 / Impact: 4.7

Source: NVD

Description

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Affected (3)

Products: Openstack: Instack Undercloud

1 product

Instack Undercloud

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Openstack Instack Undercloud	Version 7.2.0

Running on/with	Platform Versions
Redhat Openstack	Version 12

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Openstack Instack Undercloud	Version 6.1.0

Running on/with	Platform Versions
Redhat Openstack	Version 11

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Openstack Instack Undercloud	Version 5.3.0

Running on/with	Platform Versions
Redhat Openstack	Version 10

Related CWEs

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (14)

http://www.securityfocus.com/bid/100407

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2557

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:2649

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:2687

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:2693

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:2726

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1477403

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/100407

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2557

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:2649

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:2687

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:2693

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:2726

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1477403

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.