CVE-2015-3315 Information
Description
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt//maps, (2) /tmp/jvm-/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
http://rhn.redhat.com/errata/RHSA-2015-1083.html
http://rhn.redhat.com/errata/RHSA-2015-1210.html
http://www.openwall.com/lists/oss-security/2015/04/14/4
http://www.openwall.com/lists/oss-security/2015/04/16/12
http://www.securityfocus.com/bid/75117
https://bugzilla.redhat.com/show_bug.cgi?id=1211835
https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68
https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9
https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92
https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7
https://www.exploit-db.com/exploits/44097/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH