PT-2015-6825 · Red Hat+1 · Abrt+2
Jakub Filak · Published 2015-11-23 · Updated 2023-02-13
CVE-2015-5273
CVSS v2.0: 3.6 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ABRT versions prior to 2.7.1
Description
The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. It affects the abrt-action-install-debuginfo-to-abrt-cache helper program in the Automatic Bug Reporting Tool (ABRT).
Recommendations
For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/tmp directory to minimize the risk of exploitation.
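The defensive pattern for this class of bug (CWE-59 link following in a shared temporary directory), as an added example that is not ABRT's code or its 2.7.1 fix: create the working directory with an unpredictable name via mkdtemp(), then create files relative to its descriptor with O_EXCL and O_NOFOLLOW. The /tmp/demo-cache path and all function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Create a fresh 0700 directory with an unpredictable name; returns a dirfd
 * or -1. tmpl must end in "XXXXXX" and is rewritten with the real path. */
int make_private_dir(char *tmpl)
{
    if (mkdtemp(tmpl) == NULL)
        return -1;
    return open(tmpl, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Create `name` inside dirfd. O_EXCL fails with EEXIST on any existing entry,
 * including a symlink (dangling or not); O_NOFOLLOW is defence in depth. */
int create_file_nofollow(int dirfd, const char *name)
{
    return openat(dirfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed self-check: place a symlink where the output file would go and
 * confirm the open is refused and the link target is never created.
 * Returns 1 if the write was refused, 0 otherwise. */
int planted_symlink_is_refused(void)
{
    char dir[] = "/tmp/demo-cache-XXXXXX";   /* constructed path, not ABRT's */
    int dfd = make_private_dir(dir);
    if (dfd < 0)
        return 0;
    int planted = symlinkat("victim", dfd, "unpacked.cpio") == 0;
    int fd = create_file_nofollow(dfd, "unpacked.cpio");
    int refused = (fd < 0 && errno == EEXIST);
    int victim_absent = (faccessat(dfd, "victim", F_OK, 0) != 0);
    if (fd >= 0)
        close(fd);
    unlinkat(dfd, "unpacked.cpio", 0);
    unlinkat(dfd, "victim", 0);
    close(dfd);
    rmdir(dir);
    return planted && refused && victim_absent;
}

int main(void) { puts(planted_symlink_is_refused() ? "refused" : "NOT refused"); return 0; }
```

A caller that gets -1 with EEXIST here should abort rather than unlink and retry, since the entry was created by someone else.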
Exploit
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Abrt
Centos
Red Hat