CVE-2015-1862: Race Condition
First published: Mon Apr 13 2015(Updated: )
A local privilege escalation flaw was found in abrt, in the way certain core-handlers were specified by the abrt application. Specifically this issue affects those abrt versions in which the following core-handler was used: HOOK_BIN="/usr/sbin/chroot /proc/%P/root @libexecdir@/abrt-hook-ccpp" This commit was added to abrt via: (To add support for handling crashes inside containers) <a href="https://github.com/abrt/abrt/commit/4ab9fbe1a6b7889a0cd59b1406e8789d52171fd2">https://github.com/abrt/abrt/commit/4ab9fbe1a6b7889a0cd59b1406e8789d52171fd2</a> <a href="https://github.com/abrt/abrt/issues/809">https://github.com/abrt/abrt/issues/809</a> But later removed via: <a href="https://github.com/abrt/abrt/commit/cdb507ed336fa30151eefa6510d20c9271e7fc82">https://github.com/abrt/abrt/commit/cdb507ed336fa30151eefa6510d20c9271e7fc82</a> No version of Red Hat Enterprise Linux or Fedora ships abrt with the above vulnerable code. Support for containers was re-added in abrt (using a different method this time) via: <a href="https://github.com/abrt/abrt/commit/a6cdfd6a16251447264d203e145624a96fa811e3">https://github.com/abrt/abrt/commit/a6cdfd6a16251447264d203e145624a96fa811e3</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS ABRT CLI | <=2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/abrt/abrt/commit/4ab9fbe1a6b7889a0cd59b1406e8789d52171fd2
- https://github.com/abrt/abrt/issues/809
- https://github.com/abrt/abrt/commit/cdb507ed336fa30151eefa6510d20c9271e7fc82
- https://github.com/abrt/abrt/commit/a6cdfd6a16251447264d203e145624a96fa811e3
- http://www.openwall.com/lists/oss-security/2015/04/14/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1211223#c3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1211223#c4
- https://access.redhat.com/security/cve/CVE-2015-1862
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1211835
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1211223#c7
- https://bugzilla.redhat.com/show_bug.cgi?id=1211223
- http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html
- http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html
- http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html
- http://seclists.org/fulldisclosure/2015/Apr/34
- http://www.securityfocus.com/bid/74263
- https://github.com/abrt/abrt/pull/810
- https://www.exploit-db.com/exploits/36746/
- https://www.exploit-db.com/exploits/36747/
Frequently Asked Questions
What is the severity of CVE-2015-1862?
The severity of CVE-2015-1862 is rated as high with a severity score of 7.
How do I fix CVE-2015-1862?
To fix CVE-2015-1862, update Abrt to version 2.2.1 or later.
What software is affected by CVE-2015-1862?
CVE-2015-1862 affects Abrt versions up to and including 2.2.0.
What type of vulnerability is CVE-2015-1862?
CVE-2015-1862 is a privilege escalation vulnerability.
What is the exploit method for CVE-2015-1862?
CVE-2015-1862 can be exploited by local users leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
- collector/redhat-bugzilla
- alias/CVE-2015-1862
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/abrt project
- canonical/centos abrt cli
- version/centos abrt cli/2.2.0