CVE-2015-3142: Infoleak
First published: Fri Apr 17 2015(Updated: )
It was discovered that the kernel-invoked coredump processor provided by abrt writes core dumps to files owned by other system users. This could result in information disclosure if an application crashes while its current directory is a directory writable to other users (such as /tmp). Acknowledgement: This issue was discovered by Florian Weimer of Red Hat Product Security.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Automatic Bug Reporting Tool | <=2.1.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212821
- https://github.com/abrt/abrt/commit/af945ff58a698ce00c45059a05994ef53a13e192
- https://github.com/abrt/abrt/commit/806bb07571b698d90169c3b73cb65cd09c900284
- https://github.com/abrt/abrt/commit/b72616471ec52a009904689592f4f69e730a6f56
- https://github.com/abrt/abrt/commit/7269a2cc88735aee0d1fa62491b9efe73ab5c6e8
- https://rhn.redhat.com/errata/RHSA-2015-1083.html
- https://rhn.redhat.com/errata/RHSA-2015-1210.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212818
- http://rhn.redhat.com/errata/RHSA-2015-1083.html
- http://rhn.redhat.com/errata/RHSA-2015-1210.html
- http://www.openwall.com/lists/oss-security/2015/04/17/5
- http://www.securityfocus.com/bid/75116
Frequently Asked Questions
What is the severity of CVE-2015-3142?
CVE-2015-3142 is rated as having a moderate severity level due to potential information disclosure risks.
How can I fix CVE-2015-3142?
To fix CVE-2015-3142, update the Red Hat Automatic Bug Reporting Tool to version 2.1.11 or later.
What systems are affected by CVE-2015-3142?
CVE-2015-3142 affects versions of the Red Hat Automatic Bug Reporting Tool prior to 2.1.11.
What kind of vulnerability is CVE-2015-3142?
CVE-2015-3142 is an information disclosure vulnerability arising from improper handling of core dump files.
Can CVE-2015-3142 lead to unauthorized access?
Yes, CVE-2015-3142 can potentially allow unauthorized users to access sensitive data from core dumps.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3142
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat automatic bug reporting tool
- version/red hat automatic bug reporting tool/2.1.11