CVE-2015-1870
- ULN >
- Oracle Linux CVE repository >
- CVE-2015-1870
CVE Details
| Release Date: | 2015-04-17 |
Description
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged users from accessing any crash reports, even reports of crashes of processes owned by those users. Only administrators (the wheel group members) are allowed to access crash reports via the System tab in the ABRT GUI, or by running abrt-cli as root (that is, via "sudo abrt-cli" or "su -c abrt-cli").
See more information about CVE-2015-1870 from MITRE CVE dictionary and NIST NVD
CVSS v2.0 metrics
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 2.1 | Base Metrics: | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector: | Local network | Attack Complexity: | Low |
| Authentication: | None required | Confidentiality Impact: | Partial |
| Integrity Impact: | None | Availability Impact: | None |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 6 (abrt) | ELSA-2015-1210 | 2015-07-07 |
| Oracle Linux version 6 (libreport) | ELSA-2015-1210 | 2015-07-07 |
| Oracle Linux version 7 (abrt) | ELSA-2015-1083 | 2015-06-09 |
| Oracle Linux version 7 (libreport) | ELSA-2015-1083 | 2015-06-09 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
