All the vulnerabilites related to ABRT - ABRT
cve-2011-4088
Vulnerability from cvelistv5
Published
2020-01-31 16:45
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
ABRT might allow attackers to obtain sensitive information from crash reports.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71871 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "2.0.8"
}
]
}
],
"datePublic": "2011-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABRT might allow attackers to obtain sensitive information from crash reports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T16:45:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71871"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4088",
"datePublished": "2020-01-31T16:45:33",
"dateReserved": "2011-10-18T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3147
Vulnerability from cvelistv5
Published
2020-01-14 17:31
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/04/17/5 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1212953 | x_refsource_MISC | |
| https://github.com/abrt/abrt/pull/955 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2015-1083.html | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/pull/955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "before 2.6.0"
}
]
}
],
"datePublic": "2015-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Symbolic Link Following",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T17:31:49",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abrt/abrt/pull/955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3147",
"datePublished": "2020-01-14T17:31:49",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3151
Vulnerability from cvelistv5
Published
2020-01-14 17:47
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151 | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932 | x_refsource_CONFIRM | |
| https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b | x_refsource_CONFIRM | |
| https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364 | x_refsource_CONFIRM | |
| https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277 | x_refsource_CONFIRM | |
| https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T17:47:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3151",
"datePublished": "2020-01-14T17:47:12",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3159
Vulnerability from cvelistv5
Published
2020-01-14 18:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1216962 | x_refsource_CONFIRM | |
| https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b | x_refsource_CONFIRM | |
| https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
]
}
],
"datePublic": "2015-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T18:00:14",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3159",
"datePublished": "2020-01-14T18:00:14",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1869
Vulnerability from cvelistv5
Published
2020-01-14 17:31
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/04/17/5 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1212861 | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca | x_refsource_CONFIRM | |
| https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
]
}
],
"datePublic": "2015-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Symbolic Link Following",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T17:31:46",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1869",
"datePublished": "2020-01-14T17:31:46",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3150
Vulnerability from cvelistv5
Published
2020-01-14 17:34
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1214457 | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8 | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1 | x_refsource_MISC | |
| https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7 | x_refsource_MISC | |
| https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABRT",
"vendor": "ABRT",
"versions": [
{
"status": "affected",
"version": "before 1951e7282043dfe1268d492aea056b554baedb75"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T17:34:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3150",
"datePublished": "2020-01-14T17:34:43",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}