Impact: Important Public Date: 2015-04-17 CWE: CWE-61 Bugzilla: 1212861: CVE-2015-1869 abrt: default event scripts follow symbolic links It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges.
Find out more about CVE-2015-1869 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 7.2 |
---|---|
Base Metrics | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (abrt) | RHSA-2015:1210 | 2015-07-07 |
Red Hat Enterprise Linux 7 (abrt) | RHSA-2015:1083 | 2015-06-09 |