Red Hat · Abrt · CVE-2015-5273
**Name of the Vulnerable Software and Affected Versions**
ABRT versions prior to 2.7.1
**Description**
The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. This is related to the abrt-action-install-debuginfo-to-abrt-cache help program in the Automatic Bug Reporting Tool (ABRT).
**Recommendations**
For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/tmp directory to minimize the risk of exploitation.