CVE-2015-1869

Опубликовано: 17 апр. 2015

Источник: redhat

CVSS2: 7.2

Описание

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-59

https://bugzilla.redhat.com/show_bug.cgi?id=1212861abrt: default event scripts follow symbolic links

7.2 High

CVSS2

Связанные уязвимости

CVE-2015-1869

CVSS3: 7.8

nvd

больше 5 лет назад

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

GHSA-qpcr-j696-v456

CVSS3: 7.8

github

больше 3 лет назад

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

ELSA-2015-1210

oracle-oval

около 10 лет назад

ELSA-2015-1210: abrt security update (MODERATE)

ELSA-2015-1083

oracle-oval

около 10 лет назад

ELSA-2015-1083: abrt security update (IMPORTANT)

7.2 High

CVSS2