Vulnerability Details : CVE-2015-3142
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
Vulnerability category: Information leak
Products affected by CVE-2015-3142
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3142
0.04%: Probability of exploitation activity in the next 30 days
~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3142
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST | |
4.7 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.0 | 3.6 | NIST | |
CWE ids for CVE-2015-3142
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3142
- http://rhn.redhat.com/errata/RHSA-2015-1083.html
  RHSA-2015:1083 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1210.html
  RHSA-2015:1210 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/75116
  Abrt CVE-2015-3142 Local Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2015/04/17/5
  oss-security - Re: Problems in automatic crash analysis frameworks (Mailing List; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1212818
  1212818 – (CVE-2015-3142) CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others (Issue Tracking; Vendor Advisory)