Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1862Race Condition in Project Abrt

CWE-362Race Condition8 documents6 sources
Severity
7.0HIGHNVD
EPSS
4.7%
top 10.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Abrt Project Abrt
Timeline
PublishedFeb 9
Latest updateMay 14

Description

The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-vwwv-5cgp-6jw3: The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directo2022-05-14
CVEList
CVE-2015-1862: The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directo2018-02-09

💥Exploits & PoCs

2
Exploit-DB
Apport/Abrt (Ubuntu / Fedora) - Local Privilege Escalation2015-04-14
Exploit-DB
Abrt (Fedora 21) - Race Condition2015-04-14

📋Vendor Advisories

1
Red Hat
abrt: local privilege escalation through kernel.core_pattern2015-04-14

💬Community

2
Bugzilla
CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware2015-09-10
Bugzilla
CVE-2015-1862 abrt: local privilege escalation through kernel.core_pattern2015-04-13
CVE-2015-1862 — Race Condition in Abrt Project Abrt | cvebase