medium
6.9
CWE
59
Advisory Published
CVE Published
Updated

CVE-2015-5287

First published: Mon Sep 28 2015(Updated: )

A vulnerability allowing to elevate privileges from the abrt user to root was reported. If a program starting with the name "abrt" crashes, abrt-hook-ccpp will write the coredump to /var/tmp/abrt/$filename-coredump or /var/spool/abrt/$filename-coredump. From abrt-hook-ccpp.c: if (last_slash &amp;&amp; strncmp(++last_slash, "abrt", 4) == 0) { /* If abrtd/abrt-foo crashes, we don't want to create a _directory_, * since that can make new copy of abrtd to process it, * and maybe crash again... * Unlike dirs, mere files are ignored by abrtd. */ if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) &gt;= sizeof(path)) error_msg_and_die("Error saving '%s': truncated long file path", path); int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600); The call to xopen3() does not include the flag O_NOFOLLOW and is therefore vulnerable to a symlink attack. This vulnerability is not exploitable on RHEL installations with default configuration. It can be exploitable if the system is configured to use non-RHN yum repositories. This is because yum is normally not usable by non-root users if the only configured repositories are RHN. Note: This security flaw has been split from <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2015-5273 abrt: Insecure temporary directory usage in abrt-action-install-debuginfo-to-abrt-cache" href="show_bug.cgi?id=1262252">bug #1262252</a>.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Red Hat Automatic Bug Reporting Tool<=2.7.0
Red Hat Enterprise Linux Desktop=7.0
Red Hat Enterprise Linux HPC Node=7.0
Red Hat Enterprise Linux Server=7.0
Red Hat Enterprise Linux Workstation=7.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2015-5287?

    CVE-2015-5287 has a high severity rating due to its potential for privilege escalation from the abrt user to root.

  • How can I fix CVE-2015-5287?

    To fix CVE-2015-5287, you should update the Red Hat Automatic Bug Reporting Tool to a version above 2.7.0.

  • Which software is affected by CVE-2015-5287?

    CVE-2015-5287 affects Red Hat Automatic Bug Reporting Tool versions up to 2.7.0 and Red Hat Enterprise Linux 7.0.

  • What does CVE-2015-5287 allow an attacker to do?

    CVE-2015-5287 allows an attacker to elevate their privileges from the abrt user to root, posing a significant security risk.

  • Is CVE-2015-5287 specific to certain operating systems?

    Yes, CVE-2015-5287 is specifically reported for Red Hat Enterprise Linux distributions, including Workstation, Server, and HPC Node.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203