CVE-2015-3147
First published: Fri Apr 17 2015(Updated: )
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Automatic Bug Reporting Tool | ||
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =7.1 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/abrt/abrt/pull/955
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212953#c3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1212953#c4
- https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091
- https://rhn.redhat.com/errata/RHSA-2015-1083.html
- https://rhn.redhat.com/errata/RHSA-2015-1210.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1212953
- http://rhn.redhat.com/errata/RHSA-2015-1083.html
- http://www.openwall.com/lists/oss-security/2015/04/17/5
Frequently Asked Questions
What is the severity of CVE-2015-3147?
CVE-2015-3147 is classified as a medium severity vulnerability, allowing local users to potentially write to arbitrary files.
How do I fix CVE-2015-3147?
To fix CVE-2015-3147, ensure to update the Automatic Bug Reporting Tool (ABRT) to the latest version provided by Red Hat.
Who is affected by CVE-2015-3147?
CVE-2015-3147 affects users of Red Hat Automatic Bug Reporting Tool on various Red Hat Enterprise Linux versions.
What is the impact of CVE-2015-3147?
The impact of CVE-2015-3147 includes potential unauthorized file writes by local users through a symlink attack.
Is there a workaround for CVE-2015-3147?
A possible workaround for CVE-2015-3147 is to restrict user access to the directories involved in the bug reporting process.
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3147
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat automatic bug reporting tool
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.7
- version/red hat enterprise linux server/7.1
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0