CVE-2015-3159

Опубликовано: 14 янв. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1216962
Issue Tracking
Third Party Advisory
https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1216962
Issue Tracking
Third Party Advisory
https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b
Patch
Third Party Advisory
https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00158

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2015-3159

redhat

больше 10 лет назад

GHSA-77rf-6vjp-rjg6

CVSS3: 7.8

github

больше 3 лет назад

ELSA-2015-1210

oracle-oval

около 10 лет назад

ELSA-2015-1210: abrt security update (MODERATE)

ELSA-2015-1083