2 results (0.006 seconds)

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 5

The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. La característica de reporte de cierres inesperados en Abrt permite que usuarios locales obtengan privilegios aprovechando un execve por root tras un chroot en un directorio especificado por el usuario en un entorno de espacio de nombres. Various security issues relating to symlink attacks and race conditions with Abrt and Apport are documented here. • https://www.exploit-db.com/exploits/36747 https://www.exploit-db.com/exploits/36746 http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html http://seclists.org/fulldisclosure/2015/Apr/34 http://www.openwall.com/lists/oss-security/2015/04/14/4 http://www.securityfocus.com/bid/74263 https://bugzilla.redh • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

ABRT might allow attackers to obtain sensitive information from crash reports. ABRT podría permitir a atacantes obtener información confidencial de los reportes de fallos. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html https://exchange.xforce.ibmcloud.com/vulnerabilities/71871 https://access.redhat.com/security/cve/CVE-2011-4088 https://bugzilla.redhat.com/show_bug.cgi?id=749854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •