Medium severity4.7NVD Advisory· Published Jun 26, 2017· Updated May 13, 2026

CVE-2015-3142

Description

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.

Affected products

Red Hat/Automatic Bug Reporting Tool
cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*
Range: <=2.1.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-1083.htmlnvdVendor Advisory
www.openwall.com/lists/oss-security/2015/04/17/5nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/75116nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1210.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000