CVE-2015-1869
First published: Fri Apr 17 2015(Updated: )
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Automatic Bug Reporting Tool |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212865
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212868#c4
- https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca
- https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f
- https://rhn.redhat.com/errata/RHSA-2015-1083.html
- https://rhn.redhat.com/errata/RHSA-2015-1210.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212861
- http://www.openwall.com/lists/oss-security/2015/04/17/5
Frequently Asked Questions
What is the severity of CVE-2015-1869?
CVE-2015-1869 has a severity rating of high with a score of 7.8.
How do I fix CVE-2015-1869?
To mitigate CVE-2015-1869, update the Automatic Bug Reporting Tool to the latest version that addresses this vulnerability.
What type of attack is associated with CVE-2015-1869?
CVE-2015-1869 is associated with a symlink attack that allows local users to gain elevated privileges.
Which software is affected by CVE-2015-1869?
The affected software for CVE-2015-1869 is the Red Hat Automatic Bug Reporting Tool.
Who can exploit CVE-2015-1869?
CVE-2015-1869 can be exploited by local users on the affected system.
- collector/redhat-bugzilla
- alias/CVE-2015-1869
- collector/nvd-index
- vendor/redhat
- product/automatic bug reporting tool
- canonical/redhat automatic bug reporting tool