1212818 – (CVE-2015-3142) CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others

Bug 1212818 (CVE-2015-3142) - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others

Summary: CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3142
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1211966 1211967 1212819 1212820 1212821
Blocks:	1211224 1214172
TreeView+	depends on / blocked

Reported:	2015-04-17 11:55 UTC by Florian Weimer
Modified:	2023-05-12 08:44 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp).
Clone Of:
Environment:
Last Closed:	2015-07-09 05:33:49 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1083	0	normal	SHIPPED_LIVE	Important: abrt security update	2015-06-09 23:48:24 UTC
Red Hat Product Errata	RHSA-2015:1210	0	normal	SHIPPED_LIVE	Moderate: abrt security update	2015-07-07 12:39:40 UTC

Description Florian Weimer 2015-04-17 11:55:16 UTC

It was discovered that the kernel-invoked coredump processor provided by
abrt writes core dumps to files owned by other system users.  This could
result in information disclosure if an application crashes while its
current directory is a directory writable to other users (such as /tmp).

Acknowledgement:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 2 Florian Weimer 2015-04-17 11:56:47 UTC

Created abrt tracking bugs for this issue:

Affects: fedora-all [bug 1212821]

Comment 3 Jakub Filak 2015-05-05 11:06:15 UTC

These upstream commits fixes this cve:
https://github.com/abrt/abrt/commit/af945ff58a698ce00c45059a05994ef53a13e192
https://github.com/abrt/abrt/commit/806bb07571b698d90169c3b73cb65cd09c900284
https://github.com/abrt/abrt/commit/b72616471ec52a009904689592f4f69e730a6f56
https://github.com/abrt/abrt/commit/7269a2cc88735aee0d1fa62491b9efe73ab5c6e8

Comment 4 errata-xmlrpc 2015-06-09 19:48:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html

Comment 5 errata-xmlrpc 2015-07-07 08:40:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1210 https://rhn.redhat.com/errata/RHSA-2015-1210.html

Note You need to log in before you can comment on or make changes to this bug.