abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1214457 | Issue Tracking Third Party Advisory |
https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8 | Patch Third Party Advisory |
https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1 | Patch Third Party Advisory |
https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7 | Patch Third Party Advisory |
https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75 | Patch Third Party Advisory |
Configurations
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. |
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user. | |
References |
|
Information
Published : 2020-01-14 18:15
Updated : 2023-12-10 13:13
NVD link : CVE-2015-3150
Mitre link : CVE-2015-3150
CVE.ORG link : CVE-2015-3150
JSON object : View
Products Affected
redhat
- automatic_bug_reporting_tool
CWE
CWE-20
Improper Input Validation