CVE-2017-7549 Red Hat Update for instack-undercloud (RHSA-2017:2687)

漏洞类别:RedHat

漏洞等级:

漏洞信息

instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud (using python-instack).

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2017-7549)

Affected Products:
Red Hat OpenStack 8 x86_64

漏洞危害

A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2687 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2687: Red Hat Enterprise Linux

Leave a Reply