CVSS2 Base Score: 6.9 (Medium)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Score: 0.001 (Low)
EPSS Percentile: 38.8%
Added: 12/14/2015
CVE: CVE-2015-5287
Description: The Automatic Bug Reporting Tool (ABRT) is an application that runs as a daemon on some Linux systems. ABRT collects relevant crash data when another application crashes and can report it to a relevant issue tracker for analysis. After saving some initial diagnostic information, the **sosreport** script is called by ABRT on Red Hat Enterprise Linux (RHEL).

When **/etc/abrt/abrt.conf** is configured to turn off **PrivateReports**, the default setting in RHEL 7 and 7.1, the diagnostic files and directories created by ABRT can be manipulated to cause **/usr/sbin/sosreport** to write a file with crafted data at an arbitrary location as root.
Mitigation: Apply the appropriate patch referenced in Red Hat Security Advisory RHSA-2015-2505-1.

References:
<https://www.exploit-db.com/exploits/38832/>
<http://www.openwall.com/lists/oss-security/2015/12/01/1>

Notes: The exploit works on default installations of Red Hat Enterprise Linux (RHEL) 7 and 7.1. It may also work on RHEL 6 if the system administrator has commented out the line “PrivateReports = yes” or set it to “no” in abrt.conf.

Platform: Linux