Lucene search
RedhatCVELIST:CVE-2017-7549HistorySep 21, 2017 - 8:00 p.m.
CVE-2017-7549
2017-09-2120:00:00
CWE-377
redhat
www.cve.org
4
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
CNA Affected
[
{
"product": "instack-undercloud",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0"
}
]
}
]Related
redhat
redhat
(RHSA-2017:2693) Moderate: instack-undercloud security update
2017-09-12 16:45:06
(RHSA-2017:2649) Moderate: instack-undercloud security, bug fix, and enhancement update
2017-09-06 16:37:27
(RHSA-2017:2687) Moderate: instack-undercloud security update
2017-09-12 16:18:17
github
github
instack-undercloud vulnerable to symlink attack on tmp files
2022-05-13 01:07:33
nvd
nvd
CVE-2017-7549
2017-09-21 21:29:00
prion
prion
Design/Logic Flaw
2017-09-21 21:29:00
nessus
nessus
RHEL 7 : instack-undercloud (RHSA-2017:2649)
2024-04-24 00:00:00
veracode
veracode
Symbolic Link Attack
2017-09-07 02:45:58
Symbolic Link Attack
2019-01-15 09:19:18
osv
osv
instack-undercloud vulnerable to symlink attack on tmp files
2022-05-13 01:07:33
CVE-2017-7549
2017-09-21 21:29:00
redhatcve
redhatcve
CVE-2017-7549
2019-10-05 14:05:43
cve
cve
CVE-2017-7549
2017-09-21 21:29:00