7.8

CVE-2015-3315

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAutomatic Bug Reporting Tool Version-
   RedhatEnterprise Linux Desktop Version7.0
   RedhatEnterprise Linux Hpc Node Version7.0
   RedhatEnterprise Linux Hpc Node Eus Version7.1
   RedhatEnterprise Linux Server Version7.0
   RedhatEnterprise Linux Server Eus Version7.1
   RedhatEnterprise Linux Workstation Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.78% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://rhn.redhat.com/errata/RHSA-2015-1083.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.openwall.com/lists/oss-security/2015/04/14/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/04/16/12
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/75117
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1211835
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7
Patch
Third Party Advisory
https://www.exploit-db.com/exploits/44097/