High severity 7.3 · NVD Advisory · Published Aug 13, 2018 · Updated Jun 17, 2026
CVE-2017-7500
Description
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory. This could change the ownership and permissions of an arbitrary directory and cause RPM files to be placed in an arbitrary destination. An attacker with write access to a directory in which a subdirectory will be installed could redirect that directory to an arbitrary location and gain root privileges.
Affected products
References
- github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9 (NVD, Third Party Advisory)
- github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79 (NVD, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (NVD, Issue Tracking)