CVE-2015-3142

Опубликовано: 26 июн. 2017

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

Ссылки

http://rhn.redhat.com/errata/RHSA-2015-1083.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.openwall.com/lists/oss-security/2015/04/17/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/75116
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1212818
Issue Tracking
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1083.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.openwall.com/lists/oss-security/2015/04/17/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/75116
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1212818
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*

Версия до 2.1.11 (включая)

EPSS

Процентиль: 30%

0.00111

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-3142

redhat

больше 10 лет назад

GHSA-fpvf-mw5r-q2rm

CVSS3: 4.7

github

больше 3 лет назад

ELSA-2015-1210

oracle-oval

около 10 лет назад

ELSA-2015-1210: abrt security update (MODERATE)

ELSA-2015-1083