漏洞类别:RedHat
漏洞等级: 
漏洞信息
instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud (using python-instack).
A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2017-7549)
Affected Products:
Red Hat OpenStack 8 x86_64
漏洞危害
A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2017:2687 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论