Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-7501

Опубликовано: 22 нояб. 2017
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.6
CVSS3: 7.8

Описание

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

4.14.1+dfsg1-2
cosmic

ignored

end of life
devel

not-affected

4.16.1.2+dfsg1-0.6
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

not-affected

4.14.1+dfsg1-2
esm-apps/focal

not-affected

4.14.2.1+dfsg1-1build2
esm-apps/jammy

not-affected

4.16.1.2+dfsg1-0.6
esm-apps/noble

not-affected

4.16.1.2+dfsg1-0.6

Показывать по

Ссылки на источники

EPSS

Процентиль: 17%
0.00054
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-7501

CVSS3: 7.3
redhat
больше 8 лет назад

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

nvd логотип

CVE-2017-7501

CVSS3: 7.8
nvd
около 8 лет назад

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

debian логотип

CVE-2017-7501

CVSS3: 7.8
debian
около 8 лет назад

It was found that versions of rpm before 4.13.0.2 use temporary files ...

github логотип

GHSA-3xgr-x5gv-64gh

CVSS3: 7.8
github
больше 3 лет назад

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

suse-cvrf логотип

openSUSE-SU-2018:3373-1

suse-cvrf
больше 7 лет назад

Security update for rpm

EPSS

Процентиль: 17%
0.00054
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3