Vulnerability Description
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Automatic Bug Reporting Tool | <= 2.7.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Hpc Node | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.h
- http://rhn.redhat.com/errata/RHSA-2015-2505.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/12/01/1Exploit
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
- http://www.securityfocus.com/bid/78113
- https://bugzilla.redhat.com/show_bug.cgi?id=1262252Exploit
- https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.h
- http://rhn.redhat.com/errata/RHSA-2015-2505.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/12/01/1Exploit
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
- http://www.securityfocus.com/bid/78113
- https://bugzilla.redhat.com/show_bug.cgi?id=1262252Exploit
- https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e
FAQ
What is CVE-2015-5273?
CVE-2015-5273 is a vulnerability with a CVSS score of 3.6 (LOW). The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in...
How severe is CVE-2015-5273?
CVE-2015-5273 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5273?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Automatic Bug Reporting Tool, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.