CVE-2017-7501

Published: Nov 22, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with the ability to write to a directory where files will be installed could create symbolic links to an arbitrary location and modify the content, and possibly the permissions, of arbitrary files, which could be used for denial of service or possibly privilege escalation.

Vendor: Red Hat, Inc.
Product: rpm
Versions: affected before 4.13.0.2

Weaknesses (CWE)
