Vulnerability Details: CVE-2015-3150
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
Vulnerability category: Input validation
Products affected by CVE-2015-3150
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3150
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3150
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | NIST | |
CWE ids for CVE-2015-3150
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3150
- https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
  dbus: process only valid sub-directories of the dump location · abrt/abrt@6e811d7 · GitHub (Patch; Third Party Advisory)
- https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
  dbus: avoid race-conditions in tests for dum dir availability · abrt/abrt@7814554 · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1214457
  1214457 – (CVE-2015-3150) CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments (Issue Tracking; Third Party Advisory)
- https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
  lib: add functions validating dump dir · abrt/abrt@b7f8bd2 · GitHub (Patch; Third Party Advisory)
- https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75
  lib: fix races in dump directory handling code · abrt/libreport@1951e72 · GitHub (Patch; Third Party Advisory)