cve-2017-7549 - instack-undercloud uses hardcoded /tmp paths
Bug #1712380 reported by
Alex Schultz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Critical
|
Alex Schultz |
Bug Description
https:/
A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Changed in tripleo: | |
milestone: | pike-rc1 → pike-rc2 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/496292
Review: https:/