CVE-2018-10897
01.08.2018, 17:29
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| rpm | yum-utils | 𝑥 ≤ 1.1.31 |
| redhat | virtualization | 4.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| yum-NetworkManager-dispatcher |
| ||||
| yum-plugin-aliases |
| ||||
| yum-plugin-auto-update-debug-info |
| ||||
| yum-plugin-changelog |
| ||||
| yum-plugin-copr |
| ||||
| yum-plugin-fastestmirror |
| ||||
| yum-plugin-filter-data |
| ||||
| yum-plugin-fs-snapshot |
| ||||
| yum-plugin-keys |
| ||||
| yum-plugin-list-data |
| ||||
| yum-plugin-local |
| ||||
| yum-plugin-merge-conf |
| ||||
| yum-plugin-ovl |
| ||||
| yum-plugin-post-transaction-actions |
| ||||
| yum-plugin-pre-transaction-actions |
| ||||
| yum-plugin-priorities |
| ||||
| yum-plugin-protectbase |
| ||||
| yum-plugin-ps |
| ||||
| yum-plugin-remove-with-leaves |
| ||||
| yum-plugin-rpm-warm-cache |
| ||||
| yum-plugin-security |
| ||||
| yum-plugin-show-leaves |
| ||||
| yum-plugin-tmprepo |
| ||||
| yum-plugin-tsflags |
| ||||
| yum-plugin-upgrade-helper |
| ||||
| yum-plugin-verify |
| ||||
| yum-plugin-versionlock |
| ||||
| yum-updateonboot |
| ||||
| yum-utils |
|
Common Weakness Enumeration
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
References
https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c