CVE-2015-1862
HIGH
abrt < 2.2.0 - Local Privilege Escalation via Race Condition in Crash Reporting
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2015-1862. PoCs published by Tavis Ormandy.
AI-analyzed exploit summary: This exploit leverages a race condition in ABRT (Automatic Bug Reporting Tool) on Fedora 21 to gain ownership of arbitrary files by manipulating symlinks during crash report generation. It uses inotify to monitor ABRT's temporary directory and attempts to replace the 'maps' file with a symlink to the target file.
Description
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
Exploits (2)
This exploit leverages a race condition in ABRT (Automatic Bug Reporting Tool) on Fedora 21 to gain ownership of arbitrary files by manipulating symlinks during crash report generation. It uses inotify to monitor ABRT's temporary directory and attempts to replace the 'maps' file with a symlink to the target file.
This exploit leverages CVE-2015-1862 in Abrt (and CVE-2015-1318 in Apport) by creating a chroot environment with hard links to the exploit binary, then triggering a core dump in a new PID/user namespace to gain root privileges. It checks for static compilation and spawns a root shell upon successful exploitation.
References (10)
Scores
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H