Bug 1214451 (CVE-2015-3151) - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus
Summary: CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-3151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1214452 1214453 1214454 1218235
Blocks: 1211224 1214172
TreeView+ depends on / blocked
 
Reported: 2015-04-22 18:11 UTC by Florian Weimer
Modified: 2019-09-29 13:31 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Multiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user.
Clone Of:
Environment:
Last Closed: 2015-07-09 05:35:11 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1083 normal SHIPPED_LIVE Important: abrt security update 2015-06-09 23:48:24 UTC

Description Florian Weimer 2015-04-22 18:11:37 UTC
It was discovered that the abrt-dbus D-Bus service contains several
directory traversal flaws related to the NewProblem, GetInfo and
SetElement methods.  Local attackers could use these flaws to read and
write arbitrary files as the root user, or take ownership of arbitrary
files and directories.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 3 Florian Weimer 2015-04-22 18:15:34 UTC
Created abrt tracking bugs for this issue:

Affects: fedora-all [bug 1214452]

Comment 5 Jakub Filak 2015-05-15 08:43:05 UTC
Martin has found out that DeleteElement method is still vulnerable. This upstream commit adds additional verification of all D-Bus parameters:
https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3

Comment 6 errata-xmlrpc 2015-06-09 19:49:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html


Note You need to log in before you can comment on or make changes to this bug.