Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-5287

Опубликовано: 07 дек. 2015
Источник: nvd
CVSS2: 6.9
EPSS Средний

Описание

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*
Версия до 2.7.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.12902
Средний

6.9 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

redhat логотип

CVE-2015-5287

redhat
почти 10 лет назад

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.

github логотип

GHSA-hf8c-7p7w-mch5

github
больше 3 лет назад

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.

oracle-oval логотип

ELSA-2015-2505

oracle-oval
почти 10 лет назад

ELSA-2015-2505: abrt and libreport security update (MODERATE)

EPSS

Процентиль: 94%
0.12902
Средний

6.9 Medium

CVSS2

Дефекты

CWE-59