UBUNTU-CVE-2017-7501

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-7501

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-7501.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-7501

Related

CVE-2017-7501

Published

2017-11-22T22:29:00Z

Modified

2024-10-15T14:06:18Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

References

Affected packages

Ubuntu:Pro:14.04:LTS / rpm

Package

Name: rpm
Purl: pkg:deb/ubuntu/rpm?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1-2

4.11.1-3

4.11.1-3ubuntu0.1

4.11.1-3ubuntu0.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / rpm

Package

Name: rpm
Purl: pkg:deb/ubuntu/rpm?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.12.0.1+dfsg1-3build2

4.12.0.1+dfsg1-3build3

4.12.0.1+dfsg1-3ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / rpm

Package

Name: rpm
Purl: pkg:deb/ubuntu/rpm?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.1+dfsg1-2

Affected versions

4.*

4.12.0.2+dfsg1-2build2

4.14.0+dfsg1-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "debugedit"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "debugedit-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpm-dev"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpm8"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpm8-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmbuild8"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmbuild8-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmio8"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmio8-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmsign8"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "librpmsign8-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "python-rpm"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "python-rpm-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "python3-rpm"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "python3-rpm-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm-common"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm-common-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm-dbgsym"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm-i18n"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm2cpio"
        },
        {
            "binary_version": "4.14.1+dfsg1-2",
            "binary_name": "rpm2cpio-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / rpm

Package

Name: rpm
Purl: pkg:deb/ubuntu/rpm?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.14.2.1+dfsg1-1build2

Affected versions

4.*

4.14.2.1+dfsg1-1

4.14.2.1+dfsg1-1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "debugedit"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "debugedit-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpm-dev"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpm8"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpm8-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmbuild8"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmbuild8-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmio8"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmio8-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmsign8"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "librpmsign8-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "python-rpm"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "python-rpm-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "python3-rpm"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "python3-rpm-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm-common"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm-common-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm-dbgsym"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm-i18n"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm2cpio"
        },
        {
            "binary_version": "4.14.2.1+dfsg1-1build2",
            "binary_name": "rpm2cpio-dbgsym"
        }
    ]
}