CVE-2017-7549
Last modified
CVE-2017-7549 is a vulnerability of currently unknown severity. A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Instack-Undercloud | 7.2.0 |
| Openstack | Instack-Undercloud | 6.1.0 |
| Openstack | Instack-Undercloud | 5.3.0 |
References
- http://www.securityfocus.com/bid/100407Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1477403Issue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/100407Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1477403Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7549?
How severe is CVE-2017-7549?
How do I fix CVE-2017-7549?
Are you affected by CVE-2017-7549?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST