Vulnerabilities > CVE-2018-10897 - Link Following vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Symlink Attack An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
- Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1160.NASL description According to the version of the yum-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.i1/4^CVE-2018-10897i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2019-04-09 plugin id 123846 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123846 title EulerOS Virtualization 2.5.3 : yum-utils (EulerOS-SA-2019-1160) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123846); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19"); script_cve_id( "CVE-2018-10897" ); script_name(english:"EulerOS Virtualization 2.5.3 : yum-utils (EulerOS-SA-2019-1160)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the yum-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.i1/4^CVE-2018-10897i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1160 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eed9ea55"); script_set_attribute(attribute:"solution", value: "Update the affected yum-utils package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:yum-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["yum-utils-1.1.31-42.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "yum-utils"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1415.NASL description According to the version of the yum-utils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.(CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124918 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124918 title EulerOS Virtualization for ARM 64 3.0.1.0 : yum-utils (EulerOS-SA-2019-1415) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124918); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2018-10897" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : yum-utils (EulerOS-SA-2019-1415)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the yum-utils packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.(CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1415 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?21ebddb7"); script_set_attribute(attribute:"solution", value: "Update the affected yum-utils package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:yum-plugin-fastestmirror"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:yum-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["yum-plugin-fastestmirror-1.1.31-46", "yum-utils-1.1.31-46"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "yum-utils"); }NASL family Scientific Linux Local Security Checks NASL id SL_20180730_YUM_UTILS_ON_SL7_X.NASL description Security Fix(es) : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) last seen 2020-03-18 modified 2018-08-02 plugin id 111497 published 2018-08-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111497 title Scientific Linux Security Update : yum-utils on SL7.x (noarch) (20180730) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(111497); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2018-10897"); script_name(english:"Scientific Linux Security Update : yum-utils on SL7.x (noarch) (20180730)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=11881 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?17b5c2c8" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-NetworkManager-dispatcher"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-aliases"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-auto-update-debug-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-changelog"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-copr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-fastestmirror"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-filter-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-fs-snapshot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-keys"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-list-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-merge-conf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-ovl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-post-transaction-actions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-pre-transaction-actions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-priorities"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-protectbase"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-ps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-remove-with-leaves"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-rpm-warm-cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-show-leaves"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-tmprepo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-tsflags"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-upgrade-helper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-verify"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-plugin-versionlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-updateonboot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:yum-utils"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/01"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", reference:"yum-NetworkManager-dispatcher-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-aliases-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-auto-update-debug-info-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-changelog-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-copr-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-fastestmirror-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-filter-data-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-fs-snapshot-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-keys-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-list-data-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-local-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-merge-conf-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-ovl-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-post-transaction-actions-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-pre-transaction-actions-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-priorities-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-protectbase-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-ps-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-remove-with-leaves-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-rpm-warm-cache-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-show-leaves-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-tmprepo-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-tsflags-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-upgrade-helper-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-verify-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-plugin-versionlock-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-updateonboot-1.1.31-46.el7_5")) flag++; if (rpm_check(release:"SL7", reference:"yum-utils-1.1.31-46.el7_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "yum-NetworkManager-dispatcher / yum-plugin-aliases / etc"); }NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0133_YUM-UTILS.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has yum-utils packages installed that are affected by a vulnerability: - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. (CVE-2018-10897) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127390 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127390 title NewStart CGSL MAIN 4.05 : yum-utils Vulnerability (NS-SA-2019-0133) NASL family Scientific Linux Local Security Checks NASL id SL_20180730_YUM_UTILS_ON_SL6_X.NASL description Security Fix(es) : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) last seen 2020-03-18 modified 2018-08-02 plugin id 111496 published 2018-08-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111496 title Scientific Linux Security Update : yum-utils on SL6.x (noarch) (20180730) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1063.NASL description A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. (CVE-2018-10897) last seen 2020-06-01 modified 2020-06-02 plugin id 112088 published 2018-08-24 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112088 title Amazon Linux 2 : yum-utils (ALAS-2018-1063) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1327.NASL description According to the version of the yum-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118415 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118415 title EulerOS Virtualization 2.5.1 : yum-utils (EulerOS-SA-2018-1327) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2285.NASL description An update for yum-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111490 published 2018-08-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111490 title RHEL 7 : yum-utils (RHSA-2018:2285) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-2284.NASL description An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111614 published 2018-08-10 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111614 title CentOS 6 : yum-utils (CESA-2018:2284) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1080.NASL description According to the version of the yum-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.(CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122702 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122702 title EulerOS Virtualization 2.5.2 : yum-utils (EulerOS-SA-2019-1080) NASL family Fedora Local Security Checks NASL id FEDORA_2018-357E8E07CE.NASL description Security fix for CVE-2018-10897 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120345 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120345 title Fedora 29 : yum-utils (2018-357e8e07ce) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10917_184R1.NASL description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 121068 published 2019-01-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121068 title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) NASL family Fedora Local Security Checks NASL id FEDORA_2018-4F0089C995.NASL description Security fix for CVE-2018-10897 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120412 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120412 title Fedora 28 : yum-utils (2018-4f0089c995) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1319.NASL description According to the version of the yum-utils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-09-27 plugin id 117762 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117762 title EulerOS 2.0 SP2 : yum-utils (EulerOS-SA-2018-1319) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2285.NASL description From Red Hat Security Advisory 2018:2285 : An update for yum-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111483 published 2018-08-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111483 title Oracle Linux 7 : yum-utils (ELSA-2018-2285) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2626.NASL description An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 117323 published 2018-09-06 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117323 title RHEL 7 : Virtualization (RHSA-2018:2626) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2284.NASL description From Red Hat Security Advisory 2018:2284 : An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111482 published 2018-08-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111482 title Oracle Linux 6 : yum-utils (ELSA-2018-2284) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0024_YUM-UTILS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has yum-utils packages installed that are affected by a vulnerability: - A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. (CVE-2018-10897) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127184 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127184 title NewStart CGSL CORE 5.04 / MAIN 5.04 : yum-utils Vulnerability (NS-SA-2019-0024) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1320.NASL description According to the version of the yum-utils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-09-27 plugin id 117763 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117763 title EulerOS 2.0 SP3 : yum-utils (EulerOS-SA-2018-1320) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1349.NASL description According to the version of the yum-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118437 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118437 title EulerOS Virtualization 2.5.0 : yum-utils (EulerOS-SA-2018-1349) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1057.NASL description A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.(CVE-2018-10897) last seen 2020-06-01 modified 2020-06-02 plugin id 111612 published 2018-08-10 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111612 title Amazon Linux AMI : yum-utils (ALAS-2018-1057) NASL family Fedora Local Security Checks NASL id FEDORA_2019-1FCCEDE810.NASL description **createrepo_c** - Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past - Support of zchunk **libcomps** **librepo** - Add zchunk support **libdnf** - Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) - Add support of wild cards for modules (RhBug:1644588) - Revert commit that adds best as default behavior **dnf** - Updated difference YUM vs. DNF for yum-updateonboot - Added new command ``dnf alias [options] [list|add|delete] [<name>...]`` to allow the user to define and manage a list of aliases - Enhanced documentation - Unifying return codes for remove operations - [transaction] Make transaction content available for commands - Triggering transaction hooks if no transaction (RhBug:1650157) - Add hotfix packages to install pool (RhBug:1654738) - Report group operation in transaction table - [sack] Change algorithm to calculate rpmdb_version - Allow to enable modules that break default modules (RhBug:1648839) - Enhance documentation - API examples - Add --nobest option - Revert commit that adds best as default behavior **dnf-plugins-core** - [download] Do not download src without ``--source`` (RhBug:1666648) **dnf-plugins-extras** Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122354 published 2019-02-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122354 title Fedora 29 : createrepo_c / dnf / dnf-plugins-core / dnf-plugins-extras / etc (2019-1fccede810) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-2285.NASL description An update for yum-utils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111615 published 2018-08-10 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111615 title CentOS 7 : yum-utils (CESA-2018:2285) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2284.NASL description An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Security Fix(es) : * yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 111489 published 2018-08-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111489 title RHEL 6 : yum-utils (RHSA-2018:2284)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/rpm-software-management/yum-utils/pull/43
- https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c
- https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897
- https://access.redhat.com/errata/RHSA-2018:2285
- https://access.redhat.com/errata/RHSA-2018:2284
- https://access.redhat.com/errata/RHSA-2018:2626
- http://www.securitytracker.com/id/1041594
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0