Vulnerability Details : CVE-2015-5287
Public exploit exists!
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
Products affected by CVE-2015-5287
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5287
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-5287
-
ABRT sosreport Privilege Escalation
Disclosure Date: 2015-11-23First seen: 2020-04-26exploit/linux/local/abrt_sosreport_priv_escThis module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. `sosreport` uses an insecure temporary directory, allowing local users to write to arbitrary files
CVSS scores for CVE-2015-5287
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2015-5287
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5287
-
https://www.exploit-db.com/exploits/38832/
RHEL 7.0/7.1 - 'abrt/sosreport' Local Privilege Escalation
-
http://www.securityfocus.com/bid/78137
abrt '/var/spool/abrt' Local Privilege Escalation Vulnerability
-
http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html
ABRT sosreport Privilege Escalation ≈ Packet Storm
-
http://www.openwall.com/lists/oss-security/2015/12/01/1
oss-security - CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHELExploit
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e
ccpp: save abrt core files only to new files · abrt/abrt@3c1b60c · GitHub
-
http://rhn.redhat.com/errata/RHSA-2015-2505.html
RHSA-2015:2505 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1266837
1266837 – (CVE-2015-5287) CVE-2015-5287 abrt: incorrect permissions on /var/spool/abrtExploit
Jump to