CVE-2015-3142: Infoleak
First published: Fri Apr 17 2015(Updated: )
It was discovered that the kernel-invoked coredump processor provided by abrt writes core dumps to files owned by other system users. This could result in information disclosure if an application crashes while its current directory is a directory writable to other users (such as /tmp). Acknowledgement: This issue was discovered by Florian Weimer of Red Hat Product Security.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Automatic Bug Reporting Tool | <=2.1.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212821
- https://github.com/abrt/abrt/commit/af945ff58a698ce00c45059a05994ef53a13e192
- https://github.com/abrt/abrt/commit/806bb07571b698d90169c3b73cb65cd09c900284
- https://github.com/abrt/abrt/commit/b72616471ec52a009904689592f4f69e730a6f56
- https://github.com/abrt/abrt/commit/7269a2cc88735aee0d1fa62491b9efe73ab5c6e8
- https://rhn.redhat.com/errata/RHSA-2015-1083.html
- https://rhn.redhat.com/errata/RHSA-2015-1210.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212818
- http://rhn.redhat.com/errata/RHSA-2015-1083.html
- http://rhn.redhat.com/errata/RHSA-2015-1210.html
- http://www.openwall.com/lists/oss-security/2015/04/17/5
- http://www.securityfocus.com/bid/75116
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3142
- vendor/redhat
- canonical/redhat automatic bug reporting tool
- version/redhat automatic bug reporting tool/2.1.11