302 matches found
CVE-2015-1862
CVE-2015-1862 describes a local privilege-escalation in ABRT’s crash reporting. The vulnerability arises when ABRT’s crash-handler code performs an execve after a chroot into a user-specified directory within a named-space; a race condition/symlink handling flaw can allow a local user to influenc...
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apport / ABRT chroot Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by invoking the...
Apport / ABRT chroot Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace "container". Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by...
Apport / ABRT chroot Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apport / ABRT chroot Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by invoking the...
ABRT raceabrt Privilege Escalation
This module attempts to gain root privileges on Linux systems with a vulnerable version of Automatic Bug Reporting Tool ABRT configured as the crash handler. A race condition allows local users to change ownership of arbitrary files CVE-2015-3315. This module uses a symlink attack on...
Apport / ABRT chroot Privilege Escalation
This module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace "container". Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing t...
Design/Logic Flaw
Automatic Bug Reporting Tool ABRT allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on 1 /var/tmp/abrt//maps, 2 /tmp/jvm-/hserror.log, 3 /proc//exe, 4 /etc/os-release in a chroot, or 5 an unspecified root directory relate...
Design/Logic Flaw
The kernel-invoked coredump processor in Automatic Bug Reporting Tool ABRT does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application...
CVE-2015-3142
The kernel-invoked coredump processor in Automatic Bug Reporting Tool ABRT does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application...
Design/Logic Flaw
The event scripts in Automatic Bug Reporting Tool ABRT uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...
CVE-2015-1870
The event scripts in Automatic Bug Reporting Tool ABRT uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...
CVE-2015-3315
Automatic Bug Reporting Tool ABRT allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on 1 /var/tmp/abrt//maps, 2 /tmp/jvm-/hserror.log, 3 /proc//exe, 4 /etc/os-release in a chroot, or 5 an unspecified root directory relate...
CVE-2015-3142
The kernel-invoked coredump processor in Automatic Bug Reporting Tool ABRT does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application...
CVE-2015-1870
The event scripts in Automatic Bug Reporting Tool ABRT uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...
CVE-2015-3315
Automatic Bug Reporting Tool ABRT allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on 1 /var/tmp/abrt//maps, 2 /tmp/jvm-/hserror.log, 3 /proc//exe, 4 /etc/os-release in a chroot, or 5 an unspecified root directory relate...
CVE-2015-3142
CVE-2015-3142 concerns ABRT's kernel-invoked coredump processor failing to check file ownership before writing core dumps, allowing local users to read sensitive data from the crashed application's working directory. Connected docs show advisories for MiracleLinux, Oracle Linux, and Red Hat that ...
CVE-2015-1870
Mode C: The connected MiracleLinux 4 advisory references CVE-2015-1870 affecting abrt (Automatic Bug Reporting Tool) and libreport (abrt-2.0.8-26.1.0.1.AXS4, libreport-2.0.9-21.1.0.1.AXS4). The vulnerability arises from event scripts using world-readable permissions on a copy of sosreport files i...
CVE-2015-3315
CVE-2015-3315 affects the Automatic Bug Reporting Tool (ABRT) and related libreport components. A local attacker can exploit race conditions and symbolic-link flaws to gain ownership changes of arbitrary files via a symlink attack on paths such as /var/tmp/abrt//maps (and related ABRT paths), pot...
Fedora 22 : abrt-2.6.1-6.fc22 / libreport-2.6.3-1.fc22 (2015-b81f7e1e86)
Security fix for CVE-2015-5302 abrt-2.6.1-6.fc22 - doc: fix default DumpLocation in abrt.conf man page - abrt-retrace-client: use atoll for size conversion - a-a-a-ccpp-local don't delete buildids - abrt-dump-xorg: support Xorg log backtraces prefixed by EE - bodhi: fix typo in error messages...
Fedora 21 : abrt-2.3.0-12.fc21 / libreport-2.3.0-10.fc21 (2015-6542ab6d3a)
Security fix for CVE-2015-5302 abrt-2.3.0-12.fc21 - doc: fix default DumpLocation in abrt.conf man page - bodhi: fix typo in error messages - abrt- dump-xorg: support Xorg log backtraces prefixed by EE libreport-2.3.0-10.fc21 - fix save users changes after reviewing dump dir files - Resolves...