CVE-2015-3142

abrt: abrt-hook-ccpp writes core dumps to existing files owned by others

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

El invocador de volcado del procesador del kernel en Automatic Bug Reporting Tool (ABRT) no comprueba correctamente la propiedad de los archivos antes de escribir el volcado del kernel, lo cual permite a los usuarios obtener información delicada aprovechando los permisos de escritura sobre el directorio de trabajo de una aplicación caída.

It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp).

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-10 CVE Reserved
2015-06-10 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (6)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2015/04/17/5	Mailing List
http://www.securityfocus.com/bid/75116	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-1083.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-1210.html	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1212818	2015-07-07
https://access.redhat.com/security/cve/CVE-2015-3142	2015-07-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Automatic Bug Reporting Tool Search vendor "Redhat" for product "Automatic Bug Reporting Tool"				<= 2.1.11 Search vendor "Redhat" for product "Automatic Bug Reporting Tool" and version " <= 2.1.11"		-		Affected