Symlink Attack Vulnerability in abrt-action-install-debuginfo-to-abrt-cache
CVE-2015-5273 · LOW Severity
AV:L/AC:L/AU:N/C:N/I:P/A:P
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
Learn more about our User Device Pen Test.