Vulnerability Details : CVE-2015-3159
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
Products affected by CVE-2015-3159
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3159
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2015-3159
-
https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b
a-a-i-d-t-a-cache: sanitize arguments · abrt/abrt@9943a77 · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1216962
1216962 – (CVE-2015-3159) CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cacheIssue Tracking;Third Party Advisory
-
https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a
a-a-i-d-t-a-cache: sanitize umask · abrt/abrt@9a41006 · GitHubPatch;Third Party Advisory
Jump to