Updated: 2023-11-04 20:29:18.803317
Description:
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 6.7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | rpm | 4.16.1.3 | 6.7 | MEDIUM | Released | CLSA-2024:1708417063 | 2024-02-20 03:57:03 |
CentOS 6 ELS | rpm | 4.8.0 | 6.7 | MEDIUM | Ignored | | 2022-11-30 04:04:09 |
CentOS 7 ELS | rpm | 4.11.3 | 6.7 | MEDIUM | Ignored | | 2023-09-19 09:30:12 |
CentOS 8.4 ELS | rpm | 4.14.3-14 | 6.7 | MEDIUM | Already Fixed | | 2024-05-24 07:21:26 |
CentOS 8.5 ELS | rpm | 4.14.3-19 | 6.7 | MEDIUM | Already Fixed | | 2024-05-24 07:21:26 |
CloudLinux 6 ELS | rpm | 4.8.0 | 6.7 | MEDIUM | Ignored | | 2022-11-30 04:04:09 |
Oracle Linux 6 ELS | rpm | 4.8.0 | 6.7 | MEDIUM | Ignored | | 2022-11-30 04:04:09 |