If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microfocus
Published: 2019-02-21T00:00:00
Updated: 2021-01-06T16:15:45
Reserved: 2018-11-28T00:00:00
Link: CVE-2018-19639
JSON object: View
NVD Information
Status : Modified
Published: 2019-03-05T16:29:00.417
Modified: 2023-11-07T02:55:36.670
Link: CVE-2018-19639
JSON object: View
Redhat Information
No data.
CWE