ID CVE-2015-0267
Summary The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:kexec-tools:*:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 12-02-2023 - 23:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity PARTIAL
Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:P
redhat via4
advisories
bugzilla
id 1191575
title CVE-2015-0267 kexec-tools: insecure use of /tmp/*$$* filenames
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment kexec-tools is earlier than 0:2.0.7-19.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150986001
        • comment kexec-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111532002
      • AND
        • comment kexec-tools-anaconda-addon is earlier than 0:2.0.7-19.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150986003
        • comment kexec-tools-anaconda-addon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150986004
      • AND
        • comment kexec-tools-eppic is earlier than 0:2.0.7-19.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150986005
        • comment kexec-tools-eppic is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150986006
rhsa
id RHSA-2015:0986
released 2015-05-12
severity Moderate
title RHSA-2015:0986: kexec-tools security, bug fix, and enhancement update (Moderate)
rpms
  • kexec-tools-0:2.0.7-19.ael7b_1.2
  • kexec-tools-0:2.0.7-19.el7_1.2
  • kexec-tools-anaconda-addon-0:2.0.7-19.ael7b_1.2
  • kexec-tools-anaconda-addon-0:2.0.7-19.el7_1.2
  • kexec-tools-debuginfo-0:2.0.7-19.ael7b_1.2
  • kexec-tools-debuginfo-0:2.0.7-19.el7_1.2
  • kexec-tools-eppic-0:2.0.7-19.ael7b_1.2
  • kexec-tools-eppic-0:2.0.7-19.el7_1.2
refmap via4
bid 74622
Last major update 12-02-2023 - 23:15
Published 19-05-2015 - 18:59
Last modified 12-02-2023 - 23:15