The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 00:52
Type | Values Removed | Values Added |
---|---|---|
Summary | The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |
References |
|
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user. | |
References |
|
Information
Published : 2015-12-07 18:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5273
Mitre link : CVE-2015-5273
CVE.ORG link : CVE-2015-5273
JSON object : View
Products Affected
redhat
- enterprise_linux_hpc_node
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
- automatic_bug_reporting_tool
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')