CVE-2015-3150

abrt-dbus in Automatic Bug Reporting Tool ABRT allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the 1 ChownProblemDir, 2 DeleteElement, or 3 DeleteProblem method...

abrt: default event scripts follow symbolic links

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...

abrt: abrt-dbus does not guard against crafted problem directory path arguments

It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and...

abrt: default event scripts follow symbolic links

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...