CVSS: 6.4 | EPSS: 0% | CPEs: 6 | EXPL: 0

CVE-2017-7549 – instack-undercloud: uses hardcoded /tmp paths
https://notcve.org/view.php?id=CVE-2017-7549
30 Aug 2017 — A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. • http://www.securityfocus.com/bid/100407 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-377: Insecure Temporary File