PT-2015-6840 · Red Hat+1 · Libreport+2

Adam Mariš · Published 2015-11-23 · Updated 2023-02-13 · CVE-2015-5302

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

libreport versions 2.0.7 through 2.6.3

Description

The issue allows remote attackers to obtain sensitive information via unspecified vectors related to the backtrace, cmdline, environ, open fds, maps, smaps, hostname, remote, ks.cfg, or anaconda-tb file attachment included in a Red Hat Bugzilla bug report. This occurs because libreport only saves changes to the first file when editing a crash report.

Recommendations

For versions 2.0.7 through 2.6.3, update to version 2.6.3 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CESA-2015_2504
CESA-2015_2505
CVE-2015-5302
RHSA-2015:2504
RHSA-2015:2505
RHSA-2015_2504
RHSA-2015_2505

Affected Products

CentOS
Red Hat
Libreport