A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securitytracker.com/id/1041594 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2018:2284 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2285 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2626 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c - Patch, Third Party Advisory | |
References | () https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c - Patch, Third Party Advisory | |
References | () https://github.com/rpm-software-management/yum-utils/pull/43 - Third Party Advisory | |
References | () https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 - Third Party Advisory |
09 Sep 2021, 12:42
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 - Third Party Advisory |
11 Aug 2021, 15:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rpm:yum-utils:*:*:*:*:*:*:*:* |
Information
Published : 2018-08-01 17:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-10897
Mitre link : CVE-2018-10897
CVE.ORG link : CVE-2018-10897
JSON object : View
Products Affected
redhat
- virtualization
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_server
rpm
- yum-utils