CVE-2017-7500

CVE-2017-7500

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

Source: CVE-2017-7500

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다