CVE-2017-7500

ADVISORY - nist

Summary

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

EPSS Score⁠: 0.00054 (0.170)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - redhat

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-7500⁠

EXPLOITABILITY SCORE

1.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-59⁠

CVSS SCORE

7.3high

Debian

CREATED

7 years ago

UPDATED

10 days ago

ADVISORY IDCVE-2017-7500⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2017-7500⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8low

Red Hat

CREATED

9 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2017-7500⁠

EXPLOITABILITY SCORE

1.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-59⁠

CVSS SCORE

7.3medium

Photon

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY ID

CVE-2017-7500

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8high