漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.
CVSS Information
N/A
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Red Hat RPM 安全漏洞
Vulnerability Description
Red Hat RPM(RPM Package Manager)是美国红帽(Red Hat)公司的一款命令行驱动的软件包管理器,它主要用于安装、卸载、验证、查询和升级计算机软件包。 Red Hat RPM中存在安全漏洞,该漏洞源于当目标路径是目录的符号链接时,rpm未能妥当处理RPM的安装。攻击者可利用该漏洞将目录重定向到任意位置并获取root权限。
CVSS Information
N/A
Vulnerability Type
N/A