[Triumf-linux-managers] FYI - CVE-2015-3315 and abrt
Andrew Daviel
advax at triumf.ca
Thu May 7 15:11:13 PDT 2015
FYI - vulnerabilities found in abrt (Automatic bug detection and reporting
tool) in CentOS 6,7.
We believe this does not represent a significant threat, and abrt is not
installed in TRIUMF kickstarts or virtual machines.
However, it may be installed on personal machines and there's probably no
reason to be running it. It may offer a privilege escalation, typically
from a stolen account on a multiuser machine to root.
My CentOS 6 machine at home has it, and as of 10 minutes ago there is no
update available.
https://access.redhat.com/articles/1415483
"ABRT is not an essential system service, and corefile collection can be
safely disabled by the administrator "
http://seclists.org/fulldisclosure/2015/Apr/34
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
More information about the Triumf-linux-managers
mailing list