7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
16.6%
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
CPE | Name | Operator | Version |
---|---|---|---|
abrt_project:abrt | abrt project abrt | le | 2.2.0 |
packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html
packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html
packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html
seclists.org/fulldisclosure/2015/Apr/34
www.openwall.com/lists/oss-security/2015/04/14/4
www.securityfocus.com/bid/74263
bugzilla.redhat.com/show_bug.cgi?id=1211223
github.com/abrt/abrt/pull/810
www.exploit-db.com/exploits/36746/
www.exploit-db.com/exploits/36747/
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
16.6%