N/A

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

N/A

在文件访问前对链接解析不恰当(链接跟随)

rpm 后置链接漏洞

rpm是一个强大的命令行驱动的软件包管理工具，用来安装、卸载、校验、查询和更新 Linux 系统上的软件包。 rpm存在安全漏洞，该漏洞源于没有对中间目录执行不安全符号链接检查。攻击者利用该漏洞可能会获取到root权限。

N/A

N/A