Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5273

CWE-59 CWE-3777 documents6 sources

Severity

3.6LOW

EPSS

0.3%

top 43.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Automatic BUG Reporting Tool Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node +2 more

Timeline

PublishedDec 7

Latest updateMay 17

Description

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages5 packages

▶NVDredhat/automatic_bug_reporting_tool2.7.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_hpc_node7.0

▶NVDredhat/enterprise_linux_workstation7.0

🔴Vulnerability Details

GHSA

GHSA-w546-43x5-c5vq: The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2↗2022-05-17

▶

CVEList

CVE-2015-5273: The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2↗2015-12-07

▶

💥Exploits & PoCs

Exploit-DB

abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation↗2015-12-01

▶

📋Vendor Advisories

Red Hat

abrt: Insecure temporary directory usage in abrt-action-install-debuginfo-to-abrt-cache↗2015-11-23

▶

💬Community

Bugzilla

CVE-2015-5273 abrt: Insecure temporary directory usage in abrt-action-install-debuginfo-to-abrt-cache [fedora-all]↗2015-11-23

▶

Bugzilla

CVE-2015-5273 abrt: Insecure temporary directory usage in abrt-action-install-debuginfo-to-abrt-cache↗2015-09-11

▶