Bug 1214451 – CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1214451 - (CVE-2015-3151) CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus

Summary:	CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented...

Status:	CLOSED ERRATA

Aliases:	CVE-2015-3151

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20150422,repo...
Keywords:	Security

Depends On:	1214452 1214453 1214454 1218235
Blocks:	1211224 1214172
	Show dependency tree / graph

Reported:	2015-04-22 14:11 EDT by Florian Weimer
Modified:	2015-07-10 04:14 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Multiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-07-09 01:35:11 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1083	normal	SHIPPED_LIVE	Important: abrt security update	2015-06-09 19:48:24 EDT

Groups: None (edit)

Description Florian Weimer 2015-04-22 14:11:37 EDT

It was discovered that the abrt-dbus D-Bus service contains several
directory traversal flaws related to the NewProblem, GetInfo and
SetElement methods.  Local attackers could use these flaws to read and
write arbitrary files as the root user, or take ownership of arbitrary
files and directories.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 3 Florian Weimer 2015-04-22 14:15:34 EDT

Created abrt tracking bugs for this issue:

Affects: fedora-all [bug 1214452]

Comment 4 Jakub Filak 2015-05-05 07:28:23 EDT

The following upstream commits fix this cve:
https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932
https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b
https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364
https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277

Comment 5 Jakub Filak 2015-05-15 04:43:05 EDT

Martin has found out that DeleteElement method is still vulnerable. This upstream commit adds additional verification of all D-Bus parameters:
https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3

Comment 6 errata-xmlrpc 2015-06-09 15:49:12 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html

Note You need to log in before you can comment on or make changes to this bug.