Описание
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
It was discovered that the kernel-invoked coredump processor provided by ABRT did not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/spool/abrt). A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | abrt | Not affected | ||
| Red Hat Enterprise Linux 7 | abrt | Fixed | RHSA-2015:2505 | 23.11.2015 |
| Red Hat Enterprise Linux 7 | libreport | Fixed | RHSA-2015:2505 | 23.11.2015 |
Показывать по
Дополнительная информация
Статус:
6.9 Medium
CVSS2
Связанные уязвимости
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
ELSA-2015-2505: abrt and libreport security update (MODERATE)
6.9 Medium
CVSS2