Back to search
CVE-2017-7549
Published: Sep 21, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
| Vendor | Product | Versions |
|---|---|---|
Red Hat, Inc. | instack-undercloud | affected Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0 |
Weaknesses (CWE)
References
RHSA-2017:2726
vendor-advisory
x_refsource_REDHAT
100407
vdb-entry
x_refsource_BID
RHSA-2017:2649
vendor-advisory
x_refsource_REDHAT
RHSA-2017:2687
vendor-advisory
x_refsource_REDHAT
RHSA-2017:2557
vendor-advisory
x_refsource_REDHAT
RHSA-2017:2693
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1477403
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now