CVE-2015-1870
Unknown
Last modified
CVE-2015-1870 is a vulnerability of currently unknown severity. The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors..
Description
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Automatic Bug Reporting Tool | <= 2.1.11 |
References
- http://rhn.redhat.com/errata/RHSA-2015-1083.htmlVendor Advisory
- http://www.securityfocus.com/bid/75119Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1212868Issue Tracking, Vendor Advisory
- https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1Patch, Third Party Advisory
- https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7cPatch, Third Party Advisory
- https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5Patch, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1083.htmlVendor Advisory
- http://www.securityfocus.com/bid/75119Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1212868Issue Tracking, Vendor Advisory
- https://github.com/abrt/abrt/commit/7d023c32a565e83306cddf34c894477b7aaf33d1Patch, Third Party Advisory
- https://github.com/abrt/abrt/commit/8939398b82006ba1fec4ed491339fc075f43fc7cPatch, Third Party Advisory
- https://github.com/abrt/libreport/commit/c962918bc70a61a8cc647898ee8b1ff1c14a87c5Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1870?
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
How severe is CVE-2015-1870?
Severity scoring for CVE-2015-1870 is pending analysis.
How do I fix CVE-2015-1870?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-1870?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST