CVE-2018-10897

N/A

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.

N/A

在文件访问前对链接解析不恰当(链接跟随)

yum-utils 后置链接漏洞

Yum是美国杜克大学（Duke University）团队开发的一款基于RPM包管理的Shell字符前端软件包管理器，它支持从指定的服务器自动下载RPM包并且安装，以及处理依赖性关系。 yum-utils 1.1.31版本及之前版本中存在后置链接漏洞，该漏洞源于无法清理远程存储库配置文件中的路径。攻击者可利用该漏洞将文件复制到目标目录之外的目录下或覆盖重要的系统文件。

N/A

N/A