Vulnerability CVE-2015-3315


Published: 2017-06-26

Description:
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ABRT raceabrt Privilege Escalation
Brendan Coles
16.02.2018

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

Vendor: Redhat
Product: Automatic bug reporting tool 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://rhn.redhat.com/errata/RHSA-2015-1083.html
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.openwall.com/lists/oss-security/2015/04/14/4
http://www.openwall.com/lists/oss-security/2015/04/16/12
http://www.securityfocus.com/bid/75117
https://bugzilla.redhat.com/show_bug.cgi?id=1211835
https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68
https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9
https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92
https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7
https://www.exploit-db.com/exploits/44097/

Related CVE
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
CVE-2018-5748
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the ...
CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVE-2017-12197
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive informatio...
CVE-2016-6814
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f...
CVE-2017-15128
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVE-2017-15127
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

Copyright 2018, cxsecurity.com

 

Back to Top