CVE-2015-3159

Published: Jan 14, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.

Affected (1)

Products: Redhat: Automatic Bug Reporting Tool

Redhat

1 product

Automatic Bug Reporting Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Automatic Bug Reporting Tool	All versions

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1216962

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1216962

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.