CVE-2015-5287 - Improper Link Resolution Before File Access ('Link Following')

Severity

69%

Complexity

34%

Confidentiality

165%

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

RedHat Enterprise Linux

First reported 9 years ago

2015-12-07 18:59:00

Last updated 8 years ago

2016-12-07 18:16:00

Affected Software

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux HPC Node 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

RedHat Enterprise Linux Workstation 7.0

7.0

References

http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html

RHSA-2015:2505

Vendor Advisory

[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL

Exploit

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

78137

https://bugzilla.redhat.com/show_bug.cgi?id=1266837

Exploit

https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e

38832

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.