CVE-2018-10897

Published: 01/08/2018 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.

Vulnerable Product

rpm yum-utils

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat virtualization 4.0

Vendor Advisories

Debian Bug report logs - #921131 CVE-2018-10897. Package: yum-utils; Maintainer for yum-utils is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for yum-utils is src:yum-utils. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 1 Feb 2019 23:51:01 UTC. Severity: grave. Tags: ...
Synopsis: Important: yum-utils security update. Type/Severity: Security Advisory: Important. Topic: An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: yum-utils security update. Type/Severity: Security Advisory: Important. Topic: An update for yum-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having ...