Vulnerability DatabaseCVE-2015-5287
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-5287
Published:December 07, 2015
Updated:May 16, 2026
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
Related Resources (9)
http://www.openwall.com/lists/oss-security/2015/12/01/1
https://www.exploit-db.com/exploits/38832/
https://access.redhat.com/security/cve/CVE-2015-5287
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/78137
http://packetstormsecurity.com/files/154592/ABRT-sosreport-Privilege-Escalation.html
https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e
https://bugzilla.redhat.com/show_bug.cgi?id=1266837
http://rhn.redhat.com/errata/RHSA-2015-2505.html
Do you need more information?
Contact Us
CVSS v3
Base Score:
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Exploit Maturity
FUNCTIONAL
CVSS v2
Base Score:
6.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Link Resolution Before File Access ('Link Following')
CWE-59
EPSS
Base Score:
12.90