Vulnerability Details : CVE-2015-3315
Public exploit exists!
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
Products affected by CVE-2015-3315
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3315
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-3315
-
ABRT raceabrt Privilege Escalation
Disclosure Date: 2015-04-14First seen: 2020-04-26exploit/linux/local/abrt_raceabrt_priv_escThis module attempts to gain root privileges on Linux systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-331
CVSS scores for CVE-2015-3315
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2015-3315
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3315
-
http://rhn.redhat.com/errata/RHSA-2015-1083.html
RHSA-2015:1083 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.exploit-db.com/exploits/44097/
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
-
https://github.com/abrt/abrt/commit/4f2c1ddd3e3b81d2d5146b883115371f1cada9f9
ccpp: do not read data from root directories · abrt/abrt@4f2c1dd · GitHubPatch;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1210.html
RHSA-2015:1210 - Security Advisory - Red Hat Customer Portal
-
https://github.com/abrt/abrt/commit/d6e2f6f128cef4c21cb80941ae674c9842681aa7
ccpp: open file for dump_fd_info with O_EXCL · abrt/abrt@d6e2f6f · GitHubPatch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/04/14/4
oss-security - Problems in automatic crash analysis frameworksMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/04/16/12
oss-security - Re: Problems in automatic crash analysis frameworksMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1211835
1211835 – (CVE-2015-3315) CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrtIssue Tracking;Third Party Advisory;VDB Entry
-
https://github.com/abrt/abrt/commit/17cb66b13997b0159b4253b3f5722db79f476d68
ccpp: stop reading hs_error.log from /tmp · abrt/abrt@17cb66b · GitHubPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/75117
abrt CVE-2015-3315 Multiple Local Privilege Escalation VulnerabilitiesThird Party Advisory;VDB Entry
-
https://github.com/abrt/abrt/commit/80408e9e24a1c10f85fd969e1853e0f192157f92
ccpp: fix symlink race conditions · abrt/abrt@80408e9 · GitHubPatch;Third Party Advisory
Jump to