Huawei EulerOS: CVE-2017-7500: rpm security update
Description
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.
Solution(s)
- huawei-euleros-2_0_sp2-upgrade-rpm
- huawei-euleros-2_0_sp2-upgrade-rpm-build
- huawei-euleros-2_0_sp2-upgrade-rpm-build-libs
- huawei-euleros-2_0_sp2-upgrade-rpm-devel
- huawei-euleros-2_0_sp2-upgrade-rpm-libs
- huawei-euleros-2_0_sp2-upgrade-rpm-python
- huawei-euleros-2_0_sp2-upgrade-rpm-sign
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center