CVE-2015-3315
HIGHABRT raceabrt Privilege Escalation
Title source: metasploitDescription
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
Exploits (3)
metasploit
WORKING POC
EXCELLENT
by Tavis Ormandy, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/abrt_raceabrt_priv_esc.rb
exploitdb
WORKING POC
VERIFIED
by Tavis Ormandy · clocallinux
https://www.exploit-db.com/exploits/36747
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocallinux
https://www.exploit-db.com/exploits/44097
References (11)
Scores
CVSS v3
7.8
EPSS
0.0534
EPSS Percentile
89.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-59
Status
draft
Affected Products (1)
redhat/automatic_bug_reporting_tool
Timeline
Published
Jun 26, 2017
Tracked Since
Feb 18, 2026