PT-2017-6665 · Red Hat+1 · Abrt+2

Tavis Ormandy

Publicado

2015-06-09

Atualizado

2018-02-19

CVE-2015-3315

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Automatic Bug Reporting Tool (ABRT) (affected versions not specified)

Description The issue allows local users to have an unspecified impact on arbitrary files via a symlink attack on various files and directories, including /var/tmp/abrt/*/maps, /tmp/jvm-*/hs error.log, /proc/*/exe, /etc/os-release in a chroot, or an unspecified root directory related to librpm.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CESA-2015_1083

CVE-2015-3315

RHSA-2015:1083

RHSA-2015:1210

RHSA-2015_1083

RHSA-2015_1210

Produtos afetados

Abrt

Centos

Red Hat

PT-2017-6665 · Red Hat+1 · Abrt+2

CVE-2015-3315

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16