| Vulnerability Name: | CVE-2015-3150 (CCN-174379) | ||||||||||||
| Assigned: | 2015-04-22 | ||||||||||||
| Published: | 2015-04-22 | ||||||||||||
| Updated: | 2023-02-13 | ||||||||||||
| Summary: | abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | ||||||||||||
| CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) 6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-3150 Source: CCN Type: ABRT Web site How ABRT works — ABRT Project Documentation Source: CCN Type: Red Hat Bugzilla Bug 1214457 (CVE-2015-3150) - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments Source: secalert@redhat.com Type: Issue Tracking, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN abrt-cve20153150-sec-bypass(174379) Source: secalert@redhat.com Type: Patch, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Patch, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Patch, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Patch, Third Party Advisory secalert@redhat.com | ||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||