CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4209
https://notcve.org/view.php?id=CVE-2013-4209
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. Automatic Bug Reporting Tool (ABRT) en versiones anteriores a la 2.1.6 permite que usuarios locales obtengan información sensible sobre archivos arbitrarios mediante vectores relacionados con sha1sums. • https://bugzilla.redhat.com/show_bug.cgi?id=991604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 5CVE-2015-5287 – ABRT - sosreport Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5287
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. El programa de ayuda abrt-hook-ccpp en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales con ciertos permisos obtener privilegios a través de un ataque de enlace simbólico en un archivo con un nombre predecible, según lo demostrado por /var/tmp/abrt/abrt-hax-coredump o /var/spool/abrt/abrt-hax-coredump. It was discovered that the kernel-invoked coredump processor provided by ABRT did not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/spool/abrt). A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. • https://www.exploit-db.com/exploits/47421 https://www.exploit-db.com/exploits/38832 https://www.exploit-db.com/exploits/38835 http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.openwall.com/lists/oss-security/2015/12/01/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78137 https://bugzilla.redhat.com/show_bug.cgi?id=126 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2015-5273 – abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5273
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales escribir archivos arbitrarios a través de un ataque de un enlace simbólico en unpacked.cpio en un directorio creado previamente con un nombre predecible en /var/tmp. It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user. • https://www.exploit-db.com/exploits/38835 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.openwall.com/lists/oss-security/2015/12/01/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78113 https://bugzilla.redhat.com/show_bug.cgi?id=1262252 https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e https://access. • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3142 – abrt: abrt-hook-ccpp writes core dumps to existing files owned by others
https://notcve.org/view.php?id=CVE-2015-3142
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. El invocador de volcado del procesador del kernel en Automatic Bug Reporting Tool (ABRT) no comprueba correctamente la propiedad de los archivos antes de escribir el volcado del kernel, lo cual permite a los usuarios obtener información delicada aprovechando los permisos de escritura sobre el directorio de trabajo de una aplicación caída. It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). • http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.openwall.com/lists/oss-security/2015/04/17/5 http://www.securityfocus.com/bid/75116 https://bugzilla.redhat.com/show_bug.cgi?id=1212818 https://access.redhat.com/security/cve/CVE-2015-3142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2015-3147 – abrt: does not validate contents of uploaded problem reports
https://notcve.org/view.php?id=CVE-2015-3147
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. El archivo daemon/abrt-handle-upload.in en Automatic Bug Reporting Tool (ABRT), cuando mueve reportes de problemas desde /var/spool/abrt-upload, permite a usuarios locales escribir en archivos arbitrarios o posiblemente tener otro impacto no especificado por medio de un ataque de enlace simbólico en (1) /var/spool/abrt o (2) /var/tmp/abrt. It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system. • http://rhn.redhat.com/errata/RHSA-2015-1083.html http://www.openwall.com/lists/oss-security/2015/04/17/5 https://bugzilla.redhat.com/show_bug.cgi?id=1212953 https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091 https://github.com/abrt/abrt/pull/955 https://access.redhat.com/security/cve/CVE-2015-3147 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-283: Unverified Ownership •