CVE-2017-7549

Опубликовано: 14 авг. 2017

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	instack-undercloud	Will not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	instack-undercloud	Affected
Red Hat OpenStack Platform 12 (Pike)	instack-undercloud	Not affected
Red Hat OpenStack Platform 8 (Liberty)	instack-undercloud	Affected
Red Hat OpenStack Platform 9 (Mitaka)	instack-undercloud	Affected
Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7	instack-undercloud	Fixed	RHSA-2017:2693	12.09.2017
Red Hat OpenStack Platform 10.0 (Newton)	instack-undercloud	Fixed	RHSA-2017:2649	06.09.2017
Red Hat OpenStack Platform 11.0 (Ocata)	instack-undercloud	Fixed	RHSA-2017:2726	13.09.2017
Red Hat OpenStack Platform 8.0 (Liberty) director	instack-undercloud	Fixed	RHSA-2017:2687	12.09.2017
Red Hat OpenStack Platform 9.0 (Mitaka) director	instack-undercloud	Fixed	RHSA-2017:2557	30.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-377

https://bugzilla.redhat.com/show_bug.cgi?id=1477403instack-undercloud: uses hardcoded /tmp paths

EPSS

Процентиль: 24%

0.00079

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2017-7549

CVSS3: 6.4

nvd

больше 8 лет назад

GHSA-53wm-97p6-582f