CVE-2015-3315

EPSS 6.35%
Published 26.06.2017 15:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Automatic Bug Reporting Tool Version-

   Redhat ≫ Enterprise Linux Desktop Version7.0
   Redhat ≫ Enterprise Linux Hpc Node Version7.0
   Redhat ≫ Enterprise Linux Hpc Node Eus Version7.1
   Redhat ≫ Enterprise Linux Server Version7.0
   Redhat ≫ Enterprise Linux Server Eus Version7.1
   Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.35%	0.906

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://rhn.redhat.com/errata/RHSA-2015-1083.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1210.html

http://www.openwall.com/lists/oss-security/2015/04/14/4

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2015/04/16/12

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/75117

Third Party Advisory

VDB Entry