#VU14218 Path traversal in yum-utils - CVE-2018-10897

 

Published: August 6, 2018 / Updated: August 7, 2018


Vulnerability identifier: #VU14218
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10897
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: yum-utils
Software vendor: YumUtils

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in reposync, part of yum-utils, due to insufficient sanitization of paths in remote repository configuration files. A remote unauthenticated attacker can conduct a directory traversal attack, copy files outside of the destination directory and gain elevated privileges to conduct further attacks.
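The containment check that the description says is missing can be sketched as follows. This is an added example, not reposync's code and not a vendor fix; the function names `naive_destination`, `safe_destination` and `audit_paths` are hypothetical, and the sample paths are constructed.

```python
import os
import tempfile


def naive_destination(dest_dir, remote_path):
    """Unsafe pattern: the remote-supplied path is joined without any check."""
    return os.path.normpath(os.path.join(dest_dir, remote_path))


def safe_destination(dest_dir, remote_path):
    """Return the resolved target, or raise ValueError if it would land
    outside dest_dir (absolute path, '..' segments, or an existing symlink)."""
    root = os.path.realpath(dest_dir)
    # realpath collapses '..' and follows symlinks already present on disk.
    target = os.path.realpath(os.path.join(root, remote_path))
    # target == root covers '' and '.', which name the directory, not a file.
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes destination: %r" % remote_path)
    return target


def audit_paths(dest_dir, remote_paths):
    """Split remote-supplied paths into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for path in remote_paths:
        try:
            safe_destination(dest_dir, path)
            accepted.append(path)
        except ValueError:
            rejected.append(path)
    return accepted, rejected


# Constructed sample input, not taken from any real repository.
SAMPLE_PATHS = [
    "Packages/example-1.0-1.noarch.rpm",
    "../../outside/example.rpm",
    "/tmp/absolute/example.rpm",
    "Packages/../../sibling/example.rpm",
    "Packages/./sub/../example-2.0-1.noarch.rpm",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        ok, bad = audit_paths(dest, SAMPLE_PATHS)
        print("accepted:", ok)
        print("rejected:", bad)
```

Running a mirroring job as an unprivileged user with write access only to the destination directory limits the impact if such a check is absent.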


Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links