8 results (0.006 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. Automatic Bug Reporting Tool (ABRT) en versiones anteriores a la 2.1.6 permite que usuarios locales obtengan información sensible sobre archivos arbitrarios mediante vectores relacionados con sha1sums. • https://bugzilla.redhat.com/show_bug.cgi?id=991604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 5

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. El programa de ayuda abrt-hook-ccpp en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales con ciertos permisos obtener privilegios a través de un ataque de enlace simbólico en un archivo con un nombre predecible, según lo demostrado por /var/tmp/abrt/abrt-hax-coredump o /var/spool/abrt/abrt-hax-coredump. It was discovered that the kernel-invoked coredump processor provided by ABRT did not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/spool/abrt). A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. • https://www.exploit-db.com/exploits/47421 https://www.exploit-db.com/exploits/38832 https://www.exploit-db.com/exploits/38835 http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.openwall.com/lists/oss-security/2015/12/01/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78137 https://bugzilla.redhat.com/show_bug.cgi?id=126 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales escribir archivos arbitrarios a través de un ataque de un enlace simbólico en unpacked.cpio en un directorio creado previamente con un nombre predecible en /var/tmp. It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user. • https://www.exploit-db.com/exploits/38835 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html http://rhn.redhat.com/errata/RHSA-2015-2505.html http://www.openwall.com/lists/oss-security/2015/12/01/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/78113 https://bugzilla.redhat.com/show_bug.cgi?id=1262252 https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e https://access. • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. El invocador de volcado del procesador del kernel en Automatic Bug Reporting Tool (ABRT) no comprueba correctamente la propiedad de los archivos antes de escribir el volcado del kernel, lo cual permite a los usuarios obtener información delicada aprovechando los permisos de escritura sobre el directorio de trabajo de una aplicación caída. It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). • http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.openwall.com/lists/oss-security/2015/04/17/5 http://www.securityfocus.com/bid/75116 https://bugzilla.redhat.com/show_bug.cgi?id=1212818 https://access.redhat.com/security/cve/CVE-2015-3142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors. Los scripts de eventos en Automatic Bug Reporting Tool (ABRT) usan permisos de lectura en una copia del archivo sosreport en directorios problemáticos, los cuales permiten a los usuarios locales obtener información sensible de /var/log/messages mediante vectores sin especificar. It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged users from accessing any crash reports, even reports of crashes of processes owned by those users. Only administrators (the wheel group members) are allowed to access crash reports via the "System" tab in the ABRT GUI, or by running abrt-cli as root (that is, via "sudo abrt-cli" or "su -c abrt-cli"). • http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.securityfocus.com/bid/75119 https://bugzilla.redhat.com/show_bug.cgi?id=1212868 https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1 https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5 https://access.redhat.com/security/cve/CVE-2015-1870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •