CVE-2017-7501

ADVISORY - nist

Summary

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

EPSS Score⁠: 0.00054 (0.171)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - redhat

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories

NIST

CREATED

8 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2017-7501⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-59⁠

CVSS SCORE

7.8high

Debian

CREATED

8 years ago

UPDATED

9 days ago

ADVISORY IDCVE-2017-7501⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

8 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2017-7501⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8low

Red Hat

CREATED

9 years ago

UPDATED

3 days ago

ADVISORY IDCVE-2017-7501⁠

EXPLOITABILITY SCORE

1.3

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-59⁠

CVSS SCORE

7.3medium

Photon

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY ID

CVE-2017-7501

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8high