CVE-2021-35939

Published: 26/08/2022 Updated: 04/02/2023
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 0

Vulnerability Summary

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Product

rpm rpm

redhat enterprise linux 8.0

Vendor Advisories

Debian Bug report logs - #990543: rpm: CVE-2021-35937 CVE-2021-35938 CVE-2021-35939. Package: src:rpm; Maintainer for src:rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 1 Jul 2021 15:45:01 UTC; Severity: important; Tags: security, upstream R ...
Synopsis: Moderate: rpm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rpm is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: rpm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: rpm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: rpm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security i ...
Synopsis: Moderate: rpm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security i ...