Home

CVE-2017-7501

Description

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.054

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1Windows
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-32bit-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-build-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-build-debuginfo-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debuginfo-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debuginfo-32bit-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debugsource-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-debuginfo-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-debugsource-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-debuginfo-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3286-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-debugsource-4.11.2-16.16.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-32bit-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-build-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-build-debuginfo-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debuginfo-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debuginfo-32bit-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-debugsource-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-debuginfo-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Desktop 12-SP3 ) rpm-python-debugsource-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-debuginfo-4.11.2-16.21.1.x86_64.rpmLinux
SUSE-SU-2018:3884-1(SUSE Linux Enterprise Server 12-SP3 ) python3-rpm-debugsource-4.11.2-16.21.1.x86_64.rpmLinux
CVE-2017-7501NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234