Bug 1600221 - (CVE-2018-10897) CVE-2018-10897 yum-utils: reposync: improper path validation may lead to directory traversal
CVE-2018-10897 yum-utils: reposync: improper path validation may lead to dire...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20180711,repo...
: Security
: 1552328 (view as bug list)
Depends On: 1600454 1600618 1600722 1601753 1609335 1600617 1600619
Blocks: 1549618 1598068 1595309
  Show dependency treegraph
 
Reported: 2018-07-11 13:58 EDT by Scott Gayou
Modified: 2018-07-30 10:57 EDT (History)
23 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2284 None None None 2018-07-30 10:57 EDT
Red Hat Product Errata RHSA-2018:2285 None None None 2018-07-30 10:53 EDT

  None (edit)
Description Scott Gayou 2018-07-11 13:58:53 EDT
Reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository a user is syncing with, the attacker may be able to copy files outside of the destination directory via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.
Comment 2 Andrej Nemec 2018-07-12 05:52:28 EDT
Created yum-utils tracking bugs for this issue:

Affects: fedora-all [bug 1600454]
Comment 10 Scott Gayou 2018-07-16 12:57:20 EDT
Acknowledgments:

Name: Jay Grizzard (Clover Network), Aaron Levy (Clover Network)
Comment 12 Doran Moppert 2018-07-17 03:51:14 EDT
Statement:

Red Hat Enterprise Virtualization includes reposync as a component from the base Enterprise Linux system. It is not used by virtualization or management components, and it is not generally useful to mirror untrusted repositories to either Hypervisor or Management Appliance. For Red Hat Enterprise Virtualization, this issue affects only unlikely configurations and thus is rated as Moderate.
Comment 14 Michal Domonkos 2018-07-20 04:05:59 EDT
*** Bug 1552328 has been marked as a duplicate of this bug. ***
Comment 26 Scott Gayou 2018-07-27 11:32:31 EDT
Created dnf-plugins-core tracking bugs for this issue:

Affects: fedora-all [bug 1609335]
Comment 27 errata-xmlrpc 2018-07-30 10:53:24 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2285 https://access.redhat.com/errata/RHSA-2018:2285
Comment 28 errata-xmlrpc 2018-07-30 10:57:31 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:2284 https://access.redhat.com/errata/RHSA-2018:2284

Note You need to log in before you can comment on or make changes to this bug.