CVE-2015-3159

Опубликовано: 29 апр. 2015

Источник: redhat

CVSS2: 6.6

EPSS Низкий

Описание

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.

It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1216962abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache

EPSS

Процентиль: 37%

0.00158

Низкий

6.6 Medium

CVSS2

Связанные уязвимости

CVE-2015-3159

CVSS3: 7.8

nvd

больше 5 лет назад

GHSA-77rf-6vjp-rjg6

CVSS3: 7.8

github

больше 3 лет назад

ELSA-2015-1210

oracle-oval

около 10 лет назад

ELSA-2015-1210: abrt security update (MODERATE)

ELSA-2015-1083