Lucene search
K
RedhatAutomatic Bug Reporting Tool

14 matches found

CVE
CVE
added 2015/12/07 6:0 p.m.151 views

CVE-2015-5287

CVE-2015-5287 affects ABRT’s abrt-hook-ccpp prior to 2.7.1, enabling a local user with certain permissions to gain privileges via a symlink attack on a file with a predictable name (e.g., /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump). Publicly documented exploit paths incl...

6.9CVSS6.3AI score0.03296EPSS
Web
CVE
CVE
added 2017/06/26 3:0 p.m.108 views

CVE-2015-3315

CVE-2015-3315 affects the Automatic Bug Reporting Tool (ABRT) and related libreport components. A local attacker can exploit race conditions and symbolic-link flaws to gain ownership changes of arbitrary files via a symlink attack on paths such as /var/tmp/abrt//maps (and related ABRT paths), pot...

7.8CVSS5.6AI score0.04815EPSS
CVE
CVE
added 2015/12/07 6:0 p.m.96 views

CVE-2015-5273

CVE-2015-5273 affects ABRT and libreport: the abrt-action-install-debuginfo-to-abrt-cache helper allows a local attacker to write arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. Public advisories (RHSA/CESA) and distributed sec...

3.6CVSS6.1AI score0.00909EPSS
CVE
CVE
added 2017/06/26 3:0 p.m.91 views

CVE-2015-1870

Mode C: The connected MiracleLinux 4 advisory references CVE-2015-1870 affecting abrt (Automatic Bug Reporting Tool) and libreport (abrt-2.0.8-26.1.0.1.AXS4, libreport-2.0.9-21.1.0.1.AXS4). The vulnerability arises from event scripts using world-readable permissions on a copy of sosreport files i...

5.5CVSS5.1AI score0.00424EPSS
CVE
CVE
added 2013/03/12 10:0 p.m.89 views

CVE-2012-5660

Summary: CVE-2012-5660 affects ABRT (Automatic Bug Reporting Tool) components, notably abrt-action-install-debuginfo, in ABRT 2.0.9 and earlier. The vulnerability allows a local attacker to set world-writable permissions on arbitrary files and potentially gain privileges via a symlink attack in t...

6.9CVSS6.1AI score0.00313EPSS
CVE
CVE
added 2020/01/14 5:31 p.m.87 views

CVE-2015-1869

CVE-2015-1869 affects the Automatic Bug Reporting Tool (ABRT) and is exploitable locally to gain privileges via a symlink attack on ABRT’s logging path (var_log_messages). Connected documents confirm this vulnerability is acknowledged in multiple advisories and vendor bulletins (e.g., Red Hat RHS...

7.8CVSS5.6AI score0.00414EPSS
CVE
CVE
added 2020/01/14 5:31 p.m.87 views

CVE-2015-3147

The CVE-2015-3147 issue affects ABRT’s daemon, specifically daemon/abrt-handle-upload.in, where moving reports from /var/spool/abrt-upload can be manipulated via a symbolic link to write to arbitrary files (or cause other impacts) on the system. The vulnerability arises from a symlink attack agai...

6.5CVSS6AI score0.01075EPSS
CVE
CVE
added 2020/01/14 5:34 p.m.82 views

CVE-2015-3150

CVE-2015-3150 affects abrt-dbus in Automatic Bug Reporting Tool (ABRT). Local attackers could delete or change ownership of arbitrary files via the problem directory argument to ChownProblemDir, DeleteElement, or DeleteProblem, indicating a local-privilege and data-integrity impact (C, I) without...

7.2CVSS6.8AI score0.00398EPSS
CVE
CVE
added 2020/01/14 6:0 p.m.76 views

CVE-2015-3159

CVE-2015-3159 affects ABRT (Automatic Bug Reporting Tool) specifically the abrt-action-install-debuginfo-to-abrt-cache component. The root cause is improper handling of the process environment before invoking abrt-action-install-debuginfo, enabling local privilege elevation. Vulnerable platforms ...

7.8CVSS5.7AI score0.00392EPSS
CVE
CVE
added 2017/06/26 3:0 p.m.74 views

CVE-2015-3142

CVE-2015-3142 concerns ABRT's kernel-invoked coredump processor failing to check file ownership before writing core dumps, allowing local users to read sensitive data from the crashed application's working directory. Connected docs show advisories for MiracleLinux, Oracle Linux, and Red Hat that ...

4.7CVSS5.3AI score0.00348EPSS
CVE
CVE
added 2020/01/14 5:47 p.m.71 views

CVE-2015-3151

Technical details (affected product, root cause, impact, or fix) for CVE-2015-3151 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.2AI score0.0056EPSS
CVE
CVE
added 2013/03/12 10:0 p.m.66 views

CVE-2012-5659

CVE-2012-5659 describes an untrusted search path vulnerability in ABRT (Automatic Bug Reporting Tool) prior to or including version 2.0.9, where local users can modify PYTHONPATH to reference a malicious Python module and load/execute arbitrary code. The issue is rooted in plugins/abrt-action-ins...

3.7CVSS6.6AI score0.00446EPSS
CVE
CVE
added 2012/07/03 4:0 p.m.64 views

CVE-2012-1106

CVE-2012-1106 affects ABRT, libreport, btparser, and python-meh (ABRT C handler plug-in). When sysctl fs.suid_dumpable is set to 2, ABRT may create core dumps for setuid programs with insecure group permissions, letting local users access sensitive data. Affected components include abrt (2.0.8 an...

1.9CVSS7.2AI score0.00444EPSS
CVE
CVE
added 2018/05/01 7:0 p.m.45 views

CVE-2013-4209

The CVE-2013-4209 entry concerns Red Hat ABRT (Automatic Bug Reporting Tool) before 2.1.6. The vulnerability allows a local attacker to obtain sensitive information from arbitrary files via vectors related to sha1sums, resulting in a partial confidentiality impact. Affected software: ABRT prior t...

3.3CVSS3.7AI score0.00308EPSS