CVE-2015-5287

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Information

Published : 2015-12-07 10:59

Updated : 2016-12-07 10:16


NVD link : CVE-2015-5287

Mitre link : CVE-2015-5287


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_hpc_node
  • enterprise_linux_workstation
  • automatic_bug_reporting_tool
  • enterprise_linux_server