CVE-2015-1870

Published: Jun 26, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2015:1083

vendor-advisory

x_refsource_REDHAT

75119

vdb-entry

x_refsource_BID

https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1

x_refsource_CONFIRM

RHSA-2015:1210

vendor-advisory

x_refsource_REDHAT

https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1212868

x_refsource_CONFIRM

https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7c

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-1870

Description

Affected Products

References