CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1870 – abrt: default abrt event scripts lead to information disclosure
https://notcve.org/view.php?id=CVE-2015-1870
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors. Los scripts de eventos en Automatic Bug Reporting Tool (ABRT) usan permisos de lectura en una copia del archivo sosreport en directorios problemáticos, los cuales permiten a los usuarios locales obtener información sensible de /var/log/messages mediante vectores sin especificar. It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged users from accessing any crash reports, even reports of crashes of processes owned by those users. Only administrators (the wheel group members) are allowed to access crash reports via the "System" tab in the ABRT GUI, or by running abrt-cli as root (that is, via "sudo abrt-cli" or "su -c abrt-cli"). • http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.securityfocus.com/bid/75119 https://bugzilla.redhat.com/show_bug.cgi?id=1212868 https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1 https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5 https://access.redhat.com/security/cve/CVE-2015-1870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3159 – abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache
https://notcve.org/view.php?id=CVE-2015-3159
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT). no maneja apropiadamente el entorno del proceso antes de invocar a abrt-action-install-debuginfo, lo que permite a usuarios locales alcanzar privilegios. It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=1216962 https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a https://access.redhat.com/security/cve/CVE-2015-3159 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2CVE-2015-3315 – Abrt (Fedora 21) - Race Condition
https://notcve.org/view.php?id=CVE-2015-3315
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. Automatic Bug Reporting Tool (ABRT) permite a usuarios locales leer, cambiar la propiedad o realizar otras acciones no especificada en archivos arbitrarios mediante symlink attack en (1) / var / tmp / abrt / * / maps, (2) / tmp /jvm-*/hs_error.log, (3) / proc / * / exe, (4) / etc / os-release en un chroot, o (5) un directorio raíz no especificado relacionado con librpm. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use either of these flaws to potentially escalate their privileges on the system. • https://www.exploit-db.com/exploits/36747 https://www.exploit-db.com/exploits/44097 http://rhn.redhat.com/errata/RHSA-2015-1083.html http://rhn.redhat.com/errata/RHSA-2015-1210.html http://www.openwall.com/lists/oss-security/2015/04/14/4 http://www.openwall.com/lists/oss-security/2015/04/16/12 http://www.securityfocus.com/bid/75117 https://bugzilla.redhat.com/show_bug.cgi?id=1211835 https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68 https:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1869 – abrt: default event scripts follow symbolic links
https://notcve.org/view.php?id=CVE-2015-1869
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. Los scripts de manejo de eventos predeterminados en Automatic Bug Reporting Tool (ABRT), permiten a usuarios locales alcanzar privilegios como es demostrado por un ataque de enlace simbólico en un archivo de var_log_messages. It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. • http://www.openwall.com/lists/oss-security/2015/04/17/5 https://bugzilla.redhat.com/show_bug.cgi?id=1212861 https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f https://access.redhat.com/security/cve/CVE-2015-1869 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3150 – abrt: abrt-dbus does not guard against crafted problem directory path arguments
https://notcve.org/view.php?id=CVE-2015-3150
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales eliminar o cambiar la propiedad de archivos arbitrarios por medio del argumento del directorio problema en el método (1) ChownProblemDir, (2) DeleteElement o (3) DeleteProblem. It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user. • https://bugzilla.redhat.com/show_bug.cgi?id=1214457 https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8 https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1 https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7 https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75 https://access.redhat.com/security/cve/CVE-2015-3150 • CWE-20: Improper Input Validation •