Symlink Attack Vulnerability in abrt-action-install-debuginfo-to-abrt-cache

Symlink Attack Vulnerability in abrt-action-install-debuginfo-to-abrt-cache

CVE-2015-5273 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:P

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.

Learn more about our User Device Pen Test.