How severe is CVE-2015-1324?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2015-1324?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2015-1324 - HIGH Severity | CVSS 7.8

Vulnerability Description

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.

Related Vulnerabilities

CVE-2008-1246

HIGH

CVSS:7.8(High)

The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holdi...

CWE-2642008

CVE-2010-2554

HIGH

CVSS:7.8(High)

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain ...

CWE-2642010

CVE-2013-3024

HIGH

CVSS:7.8(High)

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.

CWE-2642013

CVE-2013-6876

HIGH

CVSS:7.8(High)

The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and ear...

CWE-2642013

CVE-2014-10070

HIGH

CVSS:7.8(High)

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, ...

CWE-2642014

CVE-2014-1226

HIGH

CVSS:7.8(High)

The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of ...

CWE-2642014