CVE-2015-3150
Summary
| CVE | CVE-2015-3150 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-14 18:15:00 UTC |
| Updated | 2023-02-13 00:47:00 UTC |
| Description | abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Automatic Bug Reporting Tool | - | All | All | All |
| Application | Redhat | Automatic Bug Reporting Tool | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| access.redhat.com | CVE-2015-3150 | MISC | access.redhat.com | |
| 1214457 – (CVE-2015-3150) CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| dbus: avoid race-conditions in tests for dum dir availability · abrt/abrt@7814554 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| lib: fix races in dump directory handling code · abrt/libreport@1951e72 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| lib: add functions validating dump dir · abrt/abrt@b7f8bd2 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| dbus: process only valid sub-directories of the dump location · abrt/abrt@6e811d7 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.