Описание
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
A flaw was found in the way certain ABRT core handlers processed crash reports in a namespaced environment. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Отчет
Not vulnerable. This issue does not affect the version of abrt package as shipped with Red Hat Enterprise Linux 6 and 7. Additional information about this is available at https://bugzilla.redhat.com/show_bug.cgi?id=1211223#c7
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | abrt | Not affected | ||
| Red Hat Enterprise Linux 7 | abrt | Not affected | ||
| Red Hat Storage 3.0 | abrt | Not affected |
Показывать по
Дополнительная информация
Статус:
7.2 High
CVSS2
Связанные уязвимости
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
7.2 High
CVSS2