CVE-2015-3147

CWE-59 CWE-2835 documents5 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Abrt Abrt Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +4 more

Timeline

PublishedJan 14

Latest updateMay 24

Description

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5abrt/abrtbefore 2.6.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Enterprise Linux 7.3, 7.4, 7.6, 7.7, 7.1, 7.2, 7.5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-hw2r-7jp6-9r7m: daemon/abrt-handle-upload↗2022-05-24

▶

CVEList

CVE-2015-3147: daemon/abrt-handle-upload↗2020-01-14

▶

📋Vendor Advisories

1

Red Hat

abrt: does not validate contents of uploaded problem reports↗2015-04-17

▶

💬Community

1

Bugzilla

CVE-2015-3147 abrt: does not validate contents of uploaded problem reports↗2015-04-17

▶