CVE-2015-3315
Abrt (Fedora 21) - Race Condition
Public Exploits: 3
Exploited in Wild: -
Descriptions
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use either of these flaws to potentially escalate their privileges on the system.
ABRT is a tool that helps users detect defects in applications and create a bug report with all the information a maintainer needs to fix them. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. It was also discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable by other users.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-04-14 First Exploit
- 2015-04-16 CVE Reserved
- 2015-06-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (14)
URL | Tag | Source
---|---|---
http://www.openwall.com/lists/oss-security/2015/04/14/4 | Mailing List |
http://www.openwall.com/lists/oss-security/2015/04/16/12 | Mailing List |
http://www.securityfocus.com/bid/75117 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://packetstorm.news/files/id/146411 | 2018-02-15 |
https://www.exploit-db.com/exploits/36747 | 2015-04-14 |
https://www.exploit-db.com/exploits/44097 | 2024-08-06 |

URL | Date | SRC
---|---|---
http://rhn.redhat.com/errata/RHSA-2015-1083.html | 2018-02-19 |
http://rhn.redhat.com/errata/RHSA-2015-1210.html | 2018-02-19 |
https://bugzilla.redhat.com/show_bug.cgi?id=1211835 | 2015-07-07 |
https://access.redhat.com/security/cve/CVE-2015-3315 | 2015-07-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | in | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Desktop | 7.0 | - | Safe
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Hpc Node | 7.0 | - | Safe
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Hpc Node Eus | 7.1 | - | Safe
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Server | 7.0 | - | Safe
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Server Eus | 7.1 | - | Safe
Redhat | Automatic Bug Reporting Tool | - | - | Affected | in | Redhat | Enterprise Linux Workstation | 7.0 | - | Safe