CVE-2015-3142
Summary
| CVE | CVE-2015-3142 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-26 15:29:00 UTC |
| Updated | 2023-02-13 00:47:00 UTC |
| Description | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Automatic Bug Reporting Tool | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| 1212818 – (CVE-2015-3142) CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| oss-security - Re: Problems in automatic crash analysis frameworks | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| access.redhat.com \| CVE-2015-3142 | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Abrt CVE-2015-3142 Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.