Home > Vulnerability Database > CVE-2015-3142

Mend.io Vulnerability Database

CVE-2015-3142

Date: June 26, 2017

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

Language: C

Severity Score

4.7

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3142

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1212818

Url: http://www.securityfocus.com/bid/75116

Url: http://rhn.redhat.com/errata/RHSA-2015-1083.html

Url: http://www.openwall.com/lists/oss-security/2015/04/17/5

Url: https://access.redhat.com/security/cve/CVE-2015-3142

Url: http://rhn.redhat.com/errata/RHSA-2015-1210.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-3142

Severity Score

4.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3142

Date: June 26, 2017

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?