
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permissions on a copy of the sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged users from accessing any crash reports, even reports of crashes of processes owned by those users. Only administrators (the wheel group members) are allowed to access crash reports via the "System" tab in the ABRT GUI, or by running abrt-cli as root (that is, via "sudo abrt-cli" or "su -c abrt-cli").

• http://rhn.redhat.com/errata/RHSA-2015-1083.html
• http://rhn.redhat.com/errata/RHSA-2015-1210.html
• http://www.securityfocus.com/bid/75119
• https://bugzilla.redhat.com/show_bug.cgi?id=1212868
• https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1
• https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c
• https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5
• https://access.redhat.com/security/cve/CVE-2015-1870
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable by other users (such as /tmp).

• http://rhn.redhat.com/errata/RHSA-2015-1083.html
• http://rhn.redhat.com/errata/RHSA-2015-1210.html
• http://www.openwall.com/lists/oss-security/2015/04/17/5
• http://www.securityfocus.com/bid/75116
• https://bugzilla.redhat.com/show_bug.cgi?id=1212818
• https://access.redhat.com/security/cve/CVE-2015-3142
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system.

• http://rhn.redhat.com/errata/RHSA-2015-1083.html
• http://www.openwall.com/lists/oss-security/2015/04/17/5
• https://bugzilla.redhat.com/show_bug.cgi?id=1212953
• https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091
• https://github.com/abrt/abrt/pull/955
• https://access.redhat.com/security/cve/CVE-2015-3147
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
• CWE-283: Unverified Ownership

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.

It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and directories as the root user.

• https://bugzilla.redhat.com/show_bug.cgi?id=1214457
• https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
• https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
• https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
• https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75
• https://access.redhat.com/security/cve/CVE-2015-3150
• CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

Multiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user.

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151
• https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3
• https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932
• https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b
• https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277
• https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364
• https://access.redhat.com/security/cve/CVE-2015-3151
• https://bugzilla.redhat.com/show_bug.cgi?
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')