CVE-2017-7549

instack-undercloud: uses hardcoded /tmp paths

Severity Score

6.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

Se ha encontrado un error en la versión 7.2.0 de instack-undercloud tal y como viene incorporado en Red Hat OpenStack Platform Pike; la versión 6.1.0 en Red Hat OpenStack Platform Oacta y la versión 5.3.0 en Red Hat OpenStack Newton, en donde los scripts de preinstalación y políticas de seguridad emplearon archivos temporales no seguros. Un usuario local podría explotar esta vulnerabilidad para llevar a cabo un ataque de enlace simbólico que les permita sobrescribir el contenido de archivos arbitrarios.

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. The following packages have been upgraded to a later upstream version: instack-undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-05 CVE Reserved
2017-08-30 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-377: Insecure Temporary File

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/100407	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:2557	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2649	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2687	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2693	2023-02-12
https://access.redhat.com/errata/RHSA-2017:2726	2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=1477403	2017-09-13
https://access.redhat.com/security/cve/CVE-2017-7549	2017-09-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"	Instack-undercloud Search vendor "Openstack" for product "Instack-undercloud"	7.2.0 Search vendor "Openstack" for product "Instack-undercloud" and version "7.2.0"	-	Affected	in	Redhat Search vendor "Redhat"	Openstack Search vendor "Redhat" for product "Openstack"	12 Search vendor "Redhat" for product "Openstack" and version "12"	-	Safe
Openstack Search vendor "Openstack"	Instack-undercloud Search vendor "Openstack" for product "Instack-undercloud"	6.1.0 Search vendor "Openstack" for product "Instack-undercloud" and version "6.1.0"	-	Affected	in	Redhat Search vendor "Redhat"	Openstack Search vendor "Redhat" for product "Openstack"	11 Search vendor "Redhat" for product "Openstack" and version "11"	-	Safe
Openstack Search vendor "Openstack"	Instack-undercloud Search vendor "Openstack" for product "Instack-undercloud"	5.3.0 Search vendor "Openstack" for product "Instack-undercloud" and version "5.3.0"	-	Affected	in	Redhat Search vendor "Redhat"	Openstack Search vendor "Redhat" for product "Openstack"	10 Search vendor "Redhat" for product "Openstack" and version "10"	-	Safe