CVE-2015-3315

Published: Jun 26, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

Affected (1)

Products: Redhat: Automatic Bug Reporting Tool

1 product

Automatic Bug Reporting Tool

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Redhat Automatic Bug Reporting Tool	All versions

Running on/with	Platform Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Hpc Node Eus	Version 7.1
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Eus	Version 7.1
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (22)

http://rhn.redhat.com/errata/RHSA-2015-1083.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1210.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/04/14/4

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/04/16/12

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/75117

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1211835

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7

Source: cve@mitre.org

PatchThird Party Advisory

https://www.exploit-db.com/exploits/44097/

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1083.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1210.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/04/14/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/04/16/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/75117

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1211835

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.exploit-db.com/exploits/44097/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.