CVE-2015-3315

Summary

CVE	CVE-2015-3315
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-06-26 15:29:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt//maps, (2) /tmp/jvm-/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.

Risk And Classification

Primary CVSS: v3.0 7.8 HIGH from [email protected]

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-59 | n/a

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	7.8	HIGH	`CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	7.2		`AV:L/AC:L/Au:N/C:C/I:C/A:C`

CVSS v3.0 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 Breakdown

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Redhat	Automatic Bug Reporting Tool	-	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Hpc Node	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Hpc Node Eus	7.1	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.1	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
1211835 – (CVE-2015-3315) CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com	Issue Tracking, Third Party Advisory, VDB Entry
abrt CVE-2015-3315 Multiple Local Privilege Escalation Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com	Third Party Advisory
oss-security - Re: Problems in automatic crash analysis frameworks	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com	Mailing List, Third Party Advisory
ABRT - 'raceabrt' Privilege Escalation (Metasploit) - Linux local Exploit	af854a3a-2127-422b-91ae-364da2661108	www.exploit-db.com
ccpp: open file for dump_fd_info with O_EXCL · abrt/abrt@d6e2f6f · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch, Third Party Advisory
ccpp: fix symlink race conditions · abrt/abrt@80408e9 · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch, Third Party Advisory
ccpp: stop reading hs_error.log from /tmp · abrt/abrt@17cb66b · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch, Third Party Advisory
oss-security - Problems in automatic crash analysis frameworks	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com	Mailing List, Third Party Advisory
ccpp: do not read data from root directories · abrt/abrt@4f2c1dd · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.