Bug 1212818 (CVE-2015-3142)

Summary: CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others
Product: [Other] Security Response
Reporter: Florian Weimer <fweimer>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: abrt-devel-list, dvlasenk, iprikryl, jfilak, jrusnack, mhabrnal, michal.toman, mmilata
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable by other users (such as /tmp).
Story Points: ---
Last Closed: 2015-07-09 05:33:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1211966, 1211967, 1212819, 1212820, 1212821
Bug Blocks: 1211224, 1214172

Description Florian Weimer 2015-04-17 11:55:16 UTC
It was discovered that the kernel-invoked coredump processor provided by
abrt writes core dumps to files owned by other system users.  This could
result in information disclosure if an application crashes while its
current directory is a directory writable to other users (such as /tmp).

Acknowledgement:

This issue was discovered by Florian Weimer of Red Hat Product Security.
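
The defect described above, as an added example that is neither abrt's own code nor its actual fix: the O_CREAT-without-O_EXCL pattern that takes over whatever file already exists under the dump name in the current directory, beside the hardened form (O_EXCL, O_NOFOLLOW, mode 0600, fstat check). The scratch directory and the "core.*" file names are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern behind the bug: O_CREAT without O_EXCL opens and truncates whatever
 * already exists under that name, so a file another user planted in /tmp receives the dump. */
int open_dump_file_unsafe(int dirfd, const char *name)
{
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: O_EXCL refuses any pre-existing file, O_NOFOLLOW refuses a symlink,
 * mode 0600 keeps the dump private, and fstat() confirms we own a regular file. */
int open_dump_file_safe(int dirfd, const char *name)
{
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;              /* errno is EEXIST if the name was taken */
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a scratch directory holding one planted "core" file. Returns 1 when
 * the unsafe open takes it, the safe open refuses it with EEXIST, and a fresh name is 0600. */
int demo_planted_file(void)
{
    char dir[] = "/tmp/coredemo-XXXXXX";
    if (!mkdtemp(dir)) return 0;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    close(openat(dirfd, "core.1234", O_WRONLY | O_CREAT, 0644)); /* planted file */
    int unsafe = open_dump_file_unsafe(dirfd, "core.1234");
    int safe = open_dump_file_safe(dirfd, "core.1234");
    int refused = (safe < 0 && errno == EEXIST);
    int fresh = open_dump_file_safe(dirfd, "core.5678");
    struct stat st;
    int ok = unsafe >= 0 && refused && fresh >= 0 &&
             fstat(fresh, &st) == 0 && (st.st_mode & 07777) == 0600;
    close(unsafe); close(fresh);
    unlinkat(dirfd, "core.1234", 0); unlinkat(dirfd, "core.5678", 0);
    close(dirfd); rmdir(dir);
    return ok;
}
```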

Comment 2 Florian Weimer 2015-04-17 11:56:47 UTC
Created abrt tracking bugs for this issue:

Affects: fedora-all [bug 1212821]

Comment 4 errata-xmlrpc 2015-06-09 19:48:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html

Comment 5 errata-xmlrpc 2015-07-07 08:40:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1210 https://rhn.redhat.com/errata/RHSA-2015-1210.html