ID CVE-2015-1862
Summary The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
References
Vulnerable Configurations
  • cpe:2.3:a:abrt_project:abrt:2.2.0
CVSS
Base: 6.9
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
exploit-db via4
  • description Fedora abrt Race Condition Exploit. CVE-2015-1862,CVE-2015-3315. Local exploit for linux platform
    file exploits/linux/local/36747.c
    id EDB-ID:36747
    last seen 2016-02-04
    modified 2015-04-14
    platform linux
    port
    published 2015-04-14
    reporter Tavis Ormandy
    source https://www.exploit-db.com/download/36747/
    title Fedora abrt Race Condition Exploit
    type local
  • description ABRT - raceabrt Privilege Escalation(Metasploit). CVE-2015-3315. Local exploit for Linux platform. Tags: Metasploit Framework (MSF), Local
    file exploits/linux/local/44097.rb
    id EDB-ID:44097
    last seen 2018-02-16
    modified 2018-02-16
    platform linux
    port
    published 2018-02-16
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44097/
    title ABRT - raceabrt Privilege Escalation(Metasploit)
    type local
  • description Apport/Abrt - Local Root Exploit. CVE-2015-1318,CVE-2015-1862. Local exploit for linux platform
    file exploits/linux/local/36746.c
    id EDB-ID:36746
    last seen 2016-02-04
    modified 2015-04-14
    platform linux
    port
    published 2015-04-14
    reporter Tavis Ormandy
    source https://www.exploit-db.com/download/36746/
    title Apport/Abrt - Local Root Exploit
    type local
metasploit via4
description This module attempts to gain root privileges on Fedora systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-3315). This module uses a symlink attack on '/var/tmp/abrt/*/maps' to change the ownership of /etc/passwd, then adds a new user with UID=0 GID=0 to gain root privileges. Winning the race could take a few minutes. This module has been tested successfully on ABRT packaged version 2.1.5-1.fc19 on Fedora Desktop 19 x86_64, 2.2.1-1.fc19 on Fedora Desktop 19 x86_64 and 2.2.2-2.fc20 on Fedora Desktop 20 x86_64. Fedora 21 and Red Hat 7 systems are reportedly affected, but untested.
id MSF:EXPLOIT/LINUX/LOCAL/ABRT_RACEABRT_PRIV_ESC
last seen 2019-02-11
modified 2019-01-10
published 2018-01-16
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/abrt_raceabrt_priv_esc.rb
title ABRT raceabrt Privilege Escalation
packetstorm via4
refmap via4
bid 74263
confirm
fulldisc 20150414 Problems in automatic crash analysis frameworks
misc
mlist [oss-security] 20150414 Problems in automatic crash analysis frameworks
Last major update 09-02-2018 - 17:29
Published 09-02-2018 - 17:29
Last modified 08-03-2018 - 11:03