Bug 1212818 - (CVE-2015-3142) CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20150417,reported=2...
: Security
Depends On: 1211966 1211967 1212819 1212820 1212821
Blocks: 1211224 1214172
Reported: 2015-04-17 07:55 EDT by Florian Weimer
Modified: 2015-07-10 04:05 EDT (History)

Doc Type: Bug Fix
Doc Text:
It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable by other users (such as /tmp).
Last Closed: 2015-07-09 01:33:49 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1083 normal SHIPPED_LIVE Important: abrt security update 2015-06-09 19:48:24 EDT
Red Hat Product Errata RHSA-2015:1210 normal SHIPPED_LIVE Moderate: abrt security update 2015-07-07 08:39:40 EDT

Description Florian Weimer 2015-04-17 07:55:16 EDT
It was discovered that the kernel-invoked coredump processor provided by
abrt writes core dumps to files owned by other system users.  This could
result in information disclosure if an application crashes while its
current directory is a directory writable to other users (such as /tmp).

Acknowledgement:

This issue was discovered by Florian Weimer of Red Hat Product Security.
Comment 2 Florian Weimer 2015-04-17 07:56:47 EDT
Created abrt tracking bugs for this issue:

Affects: fedora-all [bug 1212821]
Comment 4 errata-xmlrpc 2015-06-09 15:48:53 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html
Comment 5 errata-xmlrpc 2015-07-07 04:40:09 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1210 https://rhn.redhat.com/errata/RHSA-2015-1210.html
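
The description at the top of this bug concerns a dump being written into a file that already exists in a shared directory. The following is an added example, not ABRT code and not the fix shipped in the errata (this page does not show that fix): a hypothetical helper `open_dump_file()` that only ever writes to a file it created itself, plus a constructed scenario `run_demo()` with made-up file names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not ABRT code): create a dump file inside dirfd
 * without ever writing into a file that is already there. */
int open_dump_file(int dirfd, const char *name, uid_t owner)
{
    /* O_EXCL refuses any existing name, including a symlink planted in
     * a shared directory; O_NOFOLLOW states that intent explicitly. */
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Defence in depth: check the object behind the descriptor itself. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: scratch directory holding a pre-existing "core"
 * and a symlink to it. Returns 0 when every case behaves as intended. */
int run_demo(void)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX";
    int rc = 0, fd, dirfd;
    if (!mkdtemp(dir) || (dirfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    if ((fd = openat(dirfd, "core", O_WRONLY | O_CREAT, 0666)) >= 0) close(fd);
    if (symlinkat("core", dirfd, "core.link") != 0) rc |= 8;
    if (open_dump_file(dirfd, "core", geteuid()) != -1 || errno != EEXIST) rc |= 1;
    if (open_dump_file(dirfd, "core.link", geteuid()) != -1) rc |= 2;
    if ((fd = open_dump_file(dirfd, "core.1234", geteuid())) < 0) rc |= 4;
    else close(fd);
    unlinkat(dirfd, "core", 0); unlinkat(dirfd, "core.link", 0);
    unlinkat(dirfd, "core.1234", 0);
    close(dirfd); rmdir(dir);
    return rc;
}

int main(void) { printf("run_demo -> %d\n", run_demo()); return 0; }
```

The mode 0600 keeps the new file private to its owner, which matters because the concern stated in the description is information disclosure.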
