The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2015/Apr/34 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/04/14/4 | Mailing List |
http://www.securityfocus.com/bid/74263 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1211223 | Issue Tracking Third Party Advisory |
https://github.com/abrt/abrt/pull/810 | Issue Tracking Patch Third Party Advisory |
https://www.exploit-db.com/exploits/36746/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/36747/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-02-09T22:00:00
Updated: 2018-02-09T21:57:01
Reserved: 2015-02-17T00:00:00
Link: CVE-2015-1862
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-02-09T22:29:00.520
Modified: 2018-03-08T16:03:17.727
Link: CVE-2015-1862
JSON object: View
Redhat Information
No data.
CWE