Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 05 May 2015 14:17:32 +0200
From: Florian Weimer <>
Subject: Re: Problems in automatic crash analysis frameworks

On 04/23/2015 09:10 PM, Florian Weimer wrote:
> On 04/17/2015 09:16 PM, Florian Weimer wrote:
>> A quick update on the abrt situation.
> Another update.  We now have a public tracking bug listing the issues:
>   <>

We have identified one more issue:

abrt-action-install-debuginfo-to-abrt-cache is a SUID wrapper which
incorrectly filters the process environment (umask and truncated command
line arguments such as “--ca“) before invoking the actual program.  This
allows a local attacker to create a world-writable problem directory and
eventually escalate their privileges to root.  (Other attacks against
the cpio extraction might be feasible.)  CVE-2015-3159

Jakub Filak has created several pull requests fixing all the issues
identified so far:


There is a public build (against EPEL7) of the consolidated fixes,
available as a Copr repository:


This also includes the consolidated fixes.

At this stage, we'd appreciate additional comments/reviews.

Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.