CVE-2018-10870
It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
Find out more about CVE-2018-10870 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 9.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Certification for Red Hat Enterprise Linux 7 (redhat-certification) | RHSA-2018:2373 | 2018-08-09 |
Acknowledgements
This issue was discovered by Riccardo Schirone (Red Hat Product Security).Mitigation
If SELinux is enabled it further restricts the set of files an attacker may write to. This prevents some basic attacks that would allow to gain remote code execution, though it is not excluded other means are possible.