Impact: Low Public Date: 2015-04-17 CWE: CWE-283 Bugzilla: 1212953: CVE-2015-3147 abrt: does not validate contents of uploaded problem reports It exists that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat automatic bug reporting tool - |
||
redhat enterprise linux server eus 7.2 |
||
redhat enterprise linux server eus 7.1 |
||
redhat enterprise linux server tus 7.3 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.3 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server eus 7.7 |
||
redhat enterprise linux server aus 7.7 |
||
redhat enterprise linux server tus 7.7 |