CVE-2015-3142

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.7 MEDIUM | LOCAL | HIGH | LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |

EPSS Score: Percentile: 29%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | automatic_bug_reporting_tool | 𝑥 ≤ 2.1.11 |

𝑥 = Vulnerable software versions
Red Hat Enterprise Linux Releases
| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| abrt | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-ccpp | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-addon-ccpp | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-kerneloops | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-addon-kerneloops | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-pstoreoops | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-python | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-addon-python | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-upload-watch | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-vmcore | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-addon-vmcore | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-addon-xorg | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-cli | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-cli | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-console-notification | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-console-notification | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-dbus | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-desktop | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-desktop | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-devel | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-devel | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-gui | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-gui | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-gui-devel | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-gui-libs | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-libs | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-libs | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-python | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-python | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-python-doc | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-retrace-client | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| abrt-tui | RHEL 6 | 0:2.0.8-26.el6_6.1 | fixed |
| abrt-tui | RHEL 7 | 0:2.1.11-22.el7_1 | fixed |
| libreport | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-anaconda | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-cli | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-cli | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-compat | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-compat | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-devel | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-devel | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-filesystem | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-filesystem | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-gtk | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-gtk | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-gtk-devel | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-gtk-devel | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-newt | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-newt | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-bugzilla | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-bugzilla | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-kerneloops | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-kerneloops | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-logger | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-logger | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-mailx | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-mailx | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-reportuploader | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-reportuploader | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-rhtsupport | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-plugin-rhtsupport | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-plugin-ureport | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-python | RHEL 6 | 0:2.0.9-21.el6_6.1 | fixed |
| libreport-python | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-rhel | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-rhel-anaconda-bugzilla | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-rhel-bugzilla | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-web | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |
| libreport-web-devel | RHEL 7 | 0:2.1.11-23.el7_1 | fixed |