Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2015-2505.NASL
HistoryNov 30, 2015 - 12:00 a.m.

Oracle Linux 7 : abrt / and / libreport (ELSA-2015-2505)

2015-11-3000:00:00
This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2505 advisory.

  • libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report. (CVE-2015-5302)

  • The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre- created directory with a predictable name in /var/tmp. (CVE-2015-5273)

  • The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. (CVE-2015-5287)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:2505 and 
# Oracle Linux Security Advisory ELSA-2015-2505 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87096);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");

  script_cve_id("CVE-2015-5273", "CVE-2015-5287", "CVE-2015-5302");
  script_xref(name:"RHSA", value:"2015:2505");

  script_name(english:"Oracle Linux 7 : abrt / and / libreport (ELSA-2015-2505)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2015-2505 advisory.

  - libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which
    allows remote attackers to obtain sensitive information via unspecified vectors related to the (1)
    backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9)
    ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report. (CVE-2015-5302)

  - The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before
    2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-
    created directory with a predictable name in /var/tmp. (CVE-2015-5273)

  - The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users
    with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as
    demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. (CVE-2015-5287)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2015-2505.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5287");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-5302");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'ABRT sosreport Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-ccpp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-kerneloops");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-pstoreoops");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-upload-watch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-vmcore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-xorg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-console-notification");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-dbus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-gui-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-gui-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-python-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-retrace-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-tui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-anaconda");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-compat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-newt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-bugzilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-kerneloops");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-logger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-mailx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-reportuploader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-ureport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-rhel-anaconda-bugzilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-rhel-bugzilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-web");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-web-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var pkgs = [
    {'reference':'abrt-devel-2.1.11-35.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-gui-devel-2.1.11-35.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-gui-libs-2.1.11-35.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-libs-2.1.11-35.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-devel-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-gtk-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-gtk-devel-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-web-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-web-devel-2.1.11-31.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-ccpp-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-kerneloops-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-pstoreoops-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-python-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-upload-watch-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-vmcore-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-addon-xorg-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-cli-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-console-notification-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-dbus-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-desktop-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-devel-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-gui-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-gui-devel-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-gui-libs-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-libs-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-python-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-python-doc-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-retrace-client-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'abrt-tui-2.1.11-35.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-anaconda-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-cli-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-compat-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-devel-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-filesystem-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-gtk-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-gtk-devel-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-newt-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-bugzilla-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-kerneloops-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-logger-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-mailx-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-reportuploader-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-plugin-ureport-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-python-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-rhel-anaconda-bugzilla-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-rhel-bugzilla-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-web-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libreport-web-devel-2.1.11-31.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'abrt / abrt-addon-ccpp / abrt-addon-kerneloops / etc');
}
VendorProductVersionCPE
oraclelinuxabrtp-cpe:/a:oracle:linux:abrt
oraclelinuxabrt-addon-ccppp-cpe:/a:oracle:linux:abrt-addon-ccpp
oraclelinuxabrt-addon-kerneloopsp-cpe:/a:oracle:linux:abrt-addon-kerneloops
oraclelinuxabrt-addon-pstoreoopsp-cpe:/a:oracle:linux:abrt-addon-pstoreoops
oraclelinuxabrt-addon-pythonp-cpe:/a:oracle:linux:abrt-addon-python
oraclelinuxabrt-addon-upload-watchp-cpe:/a:oracle:linux:abrt-addon-upload-watch
oraclelinuxabrt-addon-vmcorep-cpe:/a:oracle:linux:abrt-addon-vmcore
oraclelinuxabrt-addon-xorgp-cpe:/a:oracle:linux:abrt-addon-xorg
oraclelinuxabrt-clip-cpe:/a:oracle:linux:abrt-cli
oraclelinuxabrt-console-notificationp-cpe:/a:oracle:linux:abrt-console-notification
Rows per page:
1-10 of 421

Related

redhat 2
openvas 7
nessus 11
oraclelinux 2
centos 2
fedora 7
zdt 3
exploitpack 2
packetstorm 3
exploitdb 3
cvelist 3
cve 3
veracode 2
saint 4
metasploit 1
nvd 3
prion 3
redhat
redhat
(RHSA-2015:2505) Moderate: abrt and libreport security update
2015-11-23 10:17:59
(RHSA-2015:2504) Moderate: libreport security update
2015-11-23 00:00:00
openvas
openvas
RedHat Update for abrt and libreport RHSA-2015:2505-01
2015-11-24 00:00:00
Oracle: Security Advisory (ELSA-2015-2505)
2015-11-27 00:00:00
Fedora Update for abrt FEDORA-2015-6542
2015-11-26 00:00:00
nessus
nessus
CentOS 7 : abrt / libreport (CESA-2015:2505)
2015-12-02 00:00:00
Scientific Linux Security Update : abrt and libreport on SL7.x x86_64 (20151123)
2015-12-22 00:00:00
RHEL 7 : abrt and libreport (RHSA-2015:2505)
2015-11-24 00:00:00
oraclelinux
oraclelinux
abrt and libreport security update
2015-11-25 00:00:00
libreport security update
2015-11-23 00:00:00
centos
centos
abrt, libreport security update
2015-12-01 18:46:19
libreport security update
2015-12-02 13:52:30
fedora
fedora
[SECURITY] Fedora 23 Update: abrt-2.7.1-1.fc23
2015-11-28 20:23:31
[SECURITY] Fedora 23 Update: libreport-2.6.3-1.fc23
2015-10-31 16:10:36
[SECURITY] Fedora 21 Update: libreport-2.3.0-10.fc21
2015-11-26 04:58:18
zdt
zdt
Centos 7.1 / Fedora 22 - abrt Local Root Exploit
2015-12-01 00:00:00
RHEL 7.0/7.1 - abrt/sosreport Local Root Exploit
2015-12-01 00:00:00
ABRT - sosreport Privilege Escalation Exploit
2019-09-26 00:00:00
exploitpack
exploitpack
abrt (Centos 7.1 Fedora 22) - Local Privilege Escalation
2015-12-01 00:00:00
RHEL 7.07.1 - abrtsosreport Local Privilege Escalation
2015-12-01 00:00:00
packetstorm
packetstorm
CentOS 7.1 / Fedora 22 abrt Local Root
2015-12-01 00:00:00
RHEL 7.0 / 7.1 abrt / sosreport Local Root
2015-12-01 00:00:00
ABRT sosreport Privilege Escalation
2019-09-24 00:00:00
exploitdb
exploitdb
abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
2015-12-01 00:00:00
ABRT - sosreport Privilege Escalation (Metasploit)
2019-09-25 00:00:00
RHEL 7.0/7.1 - &#039;abrt/sosreport&#039; Local Privilege Escalation
2015-12-01 00:00:00
cvelist
cvelist
CVE-2015-5287
2015-12-07 18:00:00
CVE-2015-5302
2015-12-07 18:00:00
CVE-2015-5273
2015-12-07 18:00:00
cve
cve
CVE-2015-5302
2015-12-07 18:59:03
CVE-2015-5287
2015-12-07 18:59:02
CVE-2015-5273
2015-12-07 18:59:00
veracode
veracode
Information Disclosure
2019-01-15 09:08:41
Information Disclosure
2018-08-08 02:38:15
saint
saint
ABRT/sosreport privilege elevation
2015-12-14 00:00:00
ABRT/sosreport privilege elevation
2015-12-14 00:00:00
ABRT/sosreport privilege elevation
2015-12-14 00:00:00
metasploit
metasploit
ABRT sosreport Privilege Escalation
2019-04-20 11:48:52
nvd
nvd
CVE-2015-5287
2015-12-07 18:59:02
CVE-2015-5302
2015-12-07 18:59:03
CVE-2015-5273
2015-12-07 18:59:00
prion
prion
Code injection
2015-12-07 18:59:00
Code injection
2015-12-07 18:59:00
Code injection
2015-12-07 18:59:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for ORACLELINUX_ELSA-2015-2505.NASL
redhat2openvas7nessus11oraclelinux2centos2fedora7zdt3exploitpack2packetstorm3exploitdb3cvelist3cve3veracode2saint4metasploit1nvd3prion3