CVE-2015-3159 Information

Description

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo which allows local users to gain privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1216962 https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8