vulnerability
Huawei EulerOS: CVE-2017-7500: rpm security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Aug 13, 2018 | Dec 18, 2019 | Aug 13, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 13, 2018
Added
Dec 18, 2019
Modified
Aug 13, 2025
Description
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.
Solutions
huawei-euleros-2_0_sp3-upgrade-rpmhuawei-euleros-2_0_sp3-upgrade-rpm-buildhuawei-euleros-2_0_sp3-upgrade-rpm-build-libshuawei-euleros-2_0_sp3-upgrade-rpm-develhuawei-euleros-2_0_sp3-upgrade-rpm-libshuawei-euleros-2_0_sp3-upgrade-rpm-ostreehuawei-euleros-2_0_sp3-upgrade-rpm-pythonhuawei-euleros-2_0_sp3-upgrade-rpm-sign
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.