Bug 1214457 (CVE-2015-3150)

Summary: CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments
Product: [Other] Security Response Reporter: Florian Weimer <fweimer>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abrt-devel-list, dvlasenk, iprikryl, jfilak, jrusnack, mhabrnal, michal.toman, mmilata
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-09 05:35:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1214609, 1214610, 1214612, 1218236    
Bug Blocks: 1211224, 1214172    

Description Florian Weimer 2015-04-22 18:20:27 UTC 
It was discovered that the abrt-dbus D-Bus service does not properly
check the validity of the problem directory argument in the
ChownProblemDir, DeleteElement, and DeleteProblem methods.  A local
attacker could use this flaw take ownership of arbitrary files and
directories, or to delete files and directories as the root user.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.
Comment 3 Jakub Filak 2015-05-05 11:28:39 UTC 
These upstream commits fix this cve:
https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75
Comment 4 errata-xmlrpc 2015-06-09 19:49:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html