daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Automatic_bug_reporting_tool | Redhat | - (including) | - (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_aus | Redhat | 7.3 (including) | 7.3 (including) |
| Enterprise_linux_server_aus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_aus | Redhat | 7.6 (including) | 7.6 (including) |
| Enterprise_linux_server_aus | Redhat | 7.7 (including) | 7.7 (including) |
| Enterprise_linux_server_eus | Redhat | 7.1 (including) | 7.1 (including) |
| Enterprise_linux_server_eus | Redhat | 7.2 (including) | 7.2 (including) |
| Enterprise_linux_server_eus | Redhat | 7.3 (including) | 7.3 (including) |
| Enterprise_linux_server_eus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.5 (including) | 7.5 (including) |
| Enterprise_linux_server_eus | Redhat | 7.6 (including) | 7.6 (including) |
| Enterprise_linux_server_eus | Redhat | 7.7 (including) | 7.7 (including) |
| Enterprise_linux_server_tus | Redhat | 7.3 (including) | 7.3 (including) |
| Enterprise_linux_server_tus | Redhat | 7.6 (including) | 7.6 (including) |
| Enterprise_linux_server_tus | Redhat | 7.7 (including) | 7.7 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |