CVE-2017-7501

Severity: high

Description

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with the ability to write to a directory where files will be installed could create symbolic links to an arbitrary location and modify the content, and possibly the permissions, of arbitrary files, which could be used for denial of service or possibly privilege escalation.
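The description above names the root cause class for this CVE: a temporary file with a predictable name, combined with an open that follows a pre-planted link (CWE-59). As an added illustration of the defensive pattern, and not code from this page or from the rpm project (the linked upstream commit is rpm's own fix and is not reproduced here), the C program below creates temporary files with mkstemp() followed by fstat() checks on the open descriptor, and then demonstrates that O_CREAT|O_EXCL refuses to go through a symbolic link already sitting at a predictable name. The function names (create_private_tempfile, path_is_symlink, run_tempfile_demo), the rpm-tmp.XXXXXX template and the scratch directory under /tmp are assumptions of this example; it targets Linux/glibc.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* expose mkstemp/mkdtemp/symlink/O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened temp-file creation (hypothetical helper, not rpm's code):
 * mkstemp() picks an unpredictable name and opens it with O_CREAT|O_EXCL,
 * so a link pre-planted at that path cannot be followed. The fstat()
 * checks afterwards confirm we hold a regular file we own with a single
 * link. Returns the open fd and copies the path into `out`, or -1. */
int create_private_tempfile(const char *dir, char *out, size_t outlen) {
    char tmpl[4096];
    struct stat st;
    int n = snprintf(tmpl, sizeof tmpl, "%s/rpm-tmp.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof tmpl || (size_t)n + 1 > outlen) return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || fchmod(fd, 0600) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    strcpy(out, tmpl);
    return fd;
}

/* 1 if `path` is a symlink, 0 if it is something else, -1 if lstat fails. */
int path_is_symlink(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return S_ISLNK(st.st_mode) ? 1 : 0;
}

/* Self-check in a private scratch directory (constructed for this example).
 * Returns 0 on success or a small code identifying the step that failed. */
int run_tempfile_demo(void) {
    char dir[] = "/tmp/cve-2017-7501-demo.XXXXXX";
    char p1[4096] = "", p2[4096] = "", pred[4096] = "", target[4096] = "";
    int fd1 = -1, fd2 = -1, fd3 = -1, rc = 0;

    if (mkdtemp(dir) == NULL) return 1;
    snprintf(pred, sizeof pred, "%s/rpm-tmp.predictable", dir);
    snprintf(target, sizeof target, "%s/victim", dir);

    fd1 = create_private_tempfile(dir, p1, sizeof p1);
    fd2 = create_private_tempfile(dir, p2, sizeof p2);
    if (fd1 < 0 || fd2 < 0) { rc = 2; goto out; }
    if (strcmp(p1, p2) == 0) { rc = 3; goto out; }        /* names are unique */
    if (write(fd1, "payload", 7) != 7) { rc = 4; goto out; }
    if (path_is_symlink(p1) != 0) { rc = 5; goto out; }    /* a real file, not a link */

    /* Simulate the pre-planted link the description warns about, inside our
     * own scratch directory; O_CREAT|O_EXCL must refuse to go through it. */
    if (symlink(target, pred) != 0) { rc = 6; goto out; }
    fd3 = open(pred, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd3 >= 0 || errno != EEXIST) { rc = 7; goto out; }
    if (access(target, F_OK) == 0) { rc = 8; goto out; }   /* target never created */

out:
    if (fd1 >= 0) { close(fd1); unlink(p1); }
    if (fd2 >= 0) { close(fd2); unlink(p2); }
    if (fd3 >= 0) close(fd3);
    unlink(pred);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void) {
    int rc = run_tempfile_demo();
    printf("safe temp-file demo: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The two properties that matter for CWE-59 are both visible in run_tempfile_demo(): the name is chosen by mkstemp() rather than by a formula an attacker can predict, and the open uses O_EXCL, which fails with EEXIST when anything, including a symlink, already occupies the path, so the link target is never touched.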

References

https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc

https://security.gentoo.org/glsa/201811-22

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

Details

Source: MITRE

Published: 2017-11-22

Updated: 2021-06-29

Type: CWE-59 (Improper Link Resolution Before File Access, "Link Following")

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*

Tenable Plugins

14 plugins in total

ID | Name | Product | Family | Severity
125568 | EulerOS Virtualization for ARM 64 3.0.2.0 : rpm (EulerOS-SA-2019-1616) | Nessus | Huawei Local Security Checks | high
124969 | EulerOS Virtualization 3.0.1.0 : rpm (EulerOS-SA-2019-1466) | Nessus | Huawei Local Security Checks | high
123896 | EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210) | Nessus | Huawei Local Security Checks | high
122216 | EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043) | Nessus | Huawei Local Security Checks | high
121787 | Photon OS 1.0: Rpm PHSA-2017-1.0-0095 | Nessus | PhotonOS Local Security Checks | critical
120999 | EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011) | Nessus | Huawei Local Security Checks | high
119276 | GLSA-201811-22 : RPM: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
119145 | SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3884-1) | Nessus | SuSE Local Security Checks | high
118736 | EulerOS 2.0 SP2 : rpm (EulerOS-SA-2018-1353) | Nessus | Huawei Local Security Checks | high
118382 | openSUSE Security Update : rpm (openSUSE-2018-1246) | Nessus | SuSE Local Security Checks | high
118319 | SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3286-1) | Nessus | SuSE Local Security Checks | high
111904 | Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated) | Nessus | PhotonOS Local Security Checks | critical
104828 | Fedora 25 : rpm (2017-ab57a100f3) | Nessus | Fedora Local Security Checks | high
104447 | Fedora 26 : rpm (2017-9232eac8e8) | Nessus | Fedora Local Security Checks | high