CVE-2017-7500 -- rpmID: oval:org.secpod.oval:def:1901729 | Date: (C)2019-04-03 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.