#VU31396 Link following in rpm - CVE-2017-7501


| Updated: 2020-07-17

Vulnerability identifier: #VU31396

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-7501

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
rpm

Vendor: rpm-software-management

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

Mitigation
Install update from vendor's website.

Vulnerable software versions

rpm: 4.13.0.1 - 4.13.0.2

External links
https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc
https://security.gentoo.org/glsa/201811-22

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager
Multiple vulnerabilities in IBM Storage Ceph
Amazon Linux AMI update for rpm
Multiple vulnerabilities in IBM Cloud Transformation Advisor
Multiple vulnerabilities in Juniper Secure Analytics (JSA)
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in IBM App Connect Enterprise Certified Container
Anolis OS update for rpm
Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance Family
Multiple vulnerabilities in Dell EMC Unity Family