CVE-2015-5273
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales escribir archivos arbitrarios a través de un ataque de un enlace simbólico en unpacked.cpio en un directorio creado previamente con un nombre predecible en /var/tmp.
It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-01 CVE Reserved
- 2015-11-23 CVE Published
- 2015-12-01 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-377: Insecure Temporary File
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/78113 | Vdb Entry | |
| https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38835 | 2015-12-01 | |
| http://www.openwall.com/lists/oss-security/2015/12/01/1 | 2024-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1262252 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2015-2505.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2015-5273 | 2015-11-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Automatic Bug Reporting Tool Search vendor "Redhat" for product "Automatic Bug Reporting Tool" | <= 2.7.0 Search vendor "Redhat" for product "Automatic Bug Reporting Tool" and version " <= 2.7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Hpc Node Search vendor "Redhat" for product "Enterprise Linux Hpc Node" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||