CVE
CVE-2017-7500
| CVE ID |
CVE-2017-7500
|
|---|---|
| CVSS Score |
7.8
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
rpm-4.11.3-48_ol001.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
rpm did not properly handle installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination.
An attacker with write access to a directory in which a subdirectory will be installed could redirect that directory to an arbitrary location and gain superuser privileges.