Back to search
CVE-2015-3142
Published: Jun 26, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2015:1083
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1212818
x_refsource_CONFIRM
[oss-security] 20150417 Re: Problems in automatic crash analysis frameworks
mailing-list
x_refsource_MLIST
75116
vdb-entry
x_refsource_BID
RHSA-2015:1210
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now