302 matches found
Symlink Attack
ABRT Automatic Bug Reporting Tool is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition...
Sensitive Information Leakage
ABRT Automatic Bug Reporting Tool is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition...
Arbitrary File Upload
ABRT Automatic Bug Reporting Tool is vulnerable to arbitrary file upload. There is a flaw in moving problem reports between certain directories as abrt-handle-upload fails to verify that a new problem directory has appropriate permissions and did not contain symbolic links. A malicious problem...
Privilege Escalation
ABRT Automatic Bug Reporting Tool is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in...
Information Disclosure
ABRT Automatic Bug Reporting Tool is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in...
ABRT sosreport Privilege Escalation
This module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool ABRT configured as the crash handler. sosreport uses an insecure temporary directory, allowing local users to write to arbitrary files CVE-2015-5287. This module uses a symlink...
Fedora 29 : poppler (2019-d04944813d)
Security fix for CVE-2018-20662, CVE-2019-9631 and CVE-2019-9200. One additional fix for crash detected by ABRT. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
Privilege Escalation
ABRT is vulnerable to privilege escalation. It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...
Arbitrary Code Execution
abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able t...
Information Disclosure
abrt is vulnerable to information disclosure. The application would send confidential information such as usernames and passwords when reporting on crashes...
Design/Logic Flaw
Automatic Bug Reporting Tool ABRT before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums...
CVE-2013-4209
Automatic Bug Reporting Tool ABRT before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums...
CVE-2013-4209
Automatic Bug Reporting Tool ABRT before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums...
CVE-2013-4209
The CVE-2013-4209 entry concerns Red Hat ABRT (Automatic Bug Reporting Tool) before 2.1.6. The vulnerability allows a local attacker to obtain sensitive information from arbitrary files via vectors related to sha1sums, resulting in a partial confidentiality impact. Affected software: ABRT prior t...
ABRT - raceabrt Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root...
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Fedora systems with a vulnerable version ...
ABRT raceabrt Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Fedora systems with a vulnerable version ...
CVE-2015-1862
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment...
Security feature bypass
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment...
CVE-2015-1862
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment...