{"api_version":"1","generated_at":"2026-04-24T20:52:05+00:00","cve":"CVE-2015-3142","urls":{"html":"https://cve.report/CVE-2015-3142","api":"https://cve.report/api/cve/CVE-2015-3142.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-3142","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-3142"},"summary":{"title":"CVE-2015-3142","description":"The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2017-06-26 15:29:00","updated_at":"2023-02-13 00:47:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-1083.html","name":"RHSA-2015:1083","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1212818","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1212818","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1212818 – (CVE-2015-3142) CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://access.redhat.com/errata/RHSA-2015:1083","name":"https://access.redhat.com/errata/RHSA-2015:1083","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2015/04/17/5","name":"[oss-security] 20150417 Re: Problems in automatic crash analysis frameworks","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: Problems in automatic crash analysis frameworks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1210.html","name":"RHSA-2015:1210","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2015-3142","name":"https://access.redhat.com/security/cve/CVE-2015-3142","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2015-3142","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:1210","name":"https://access.redhat.com/errata/RHSA-2015:1210","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/75116","name":"75116","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Abrt CVE-2015-3142 Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-3142","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3142","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"3142","vulnerable":"1","versionEndIncluding":"2.1.11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"automatic_bug_reporting_tool","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-3142","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-1083.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-1083.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1210.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-1210.html"},{"url":"http://www.openwall.com/lists/oss-security/2015/04/17/5","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2015/04/17/5"},{"url":"http://www.securityfocus.com/bid/75116","refsource":"MISC","name":"http://www.securityfocus.com/bid/75116"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1212818","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1212818"}]}},"nvd":{"publishedDate":"2017-06-26 15:29:00","lastModifiedDate":"2023-02-13 00:47:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":1,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.11","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"3142","Ordinal":"80095","Title":"CVE-2015-3142","CVE":"CVE-2015-3142","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"3142","Ordinal":"1","NoteData":"The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"3142","Ordinal":"2","NoteData":"2017-06-26","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"3142","Ordinal":"3","NoteData":"2018-01-04","Type":"Other","Title":"Modified"}]}}}