Red Hat, Inc. CWE-59

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older

https://access.redhat.com/security/cve/CVE-2018-10897 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1600221 [No Types Assigned]

Red Hat, Inc. CWE-59

CWE-59 / Assessment performed prior to CVMAP efforts

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.

https://access.redhat.com/security/cve/CVE-2018-10897 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1600221 [No Types Assigned]

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 No Types Assigned

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 Third Party Advisory

OR
     *cpe:2.3:a:rpm-software-management_project:yum-utils:*:*:*:*:*:*:*:* versions from (including) 1.1.31

OR
     *cpe:2.3:a:rpm:yum-utils:*:*:*:*:*:*:*:* versions from (including) 1.1.31

Red Hat, Inc. AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Red Hat, Inc. CWE-59

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 [No Types Assigned]

OR
     *cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:rpm-software-management_project:yum-utils:*:*:*:*:*:*:*:* versions up to (including) 1.1.31

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22

http://www.securitytracker.com/id/1041594 No Types Assigned

http://www.securitytracker.com/id/1041594 Third Party Advisory, VDB Entry

https://access.redhat.com/errata/RHSA-2018:2284 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:2284 Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2285 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:2285 Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2626 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:2626 Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897 Issue Tracking, Patch, Third Party Advisory

https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c No Types Assigned

https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c Patch, Third Party Advisory

https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c No Types Assigned

https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c Patch, Third Party Advisory

https://github.com/rpm-software-management/yum-utils/pull/43 No Types Assigned

https://github.com/rpm-software-management/yum-utils/pull/43 Third Party Advisory

http://www.securitytracker.com/id/1041594 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:2626 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:2284 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:2285 [No Types Assigned]