Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3142

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

Published

2017-06-26T15:29:00.347

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.4

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	automatic_bug_reporting_tool	≤ 2.1.11	Yes

References

http://rhn.redhat.com/errata/RHSA-2015-1083.html Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1210.html ([email protected])
http://www.openwall.com/lists/oss-security/2015/04/17/5 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/75116 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1212818 Issue Tracking, Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1083.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1210.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/04/17/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/75116 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1212818 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)