CVE-2012-5659
low
CVSS v3
—
CVSS v2
3.7
VIR risk
3.7
Description
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | automatic_bug_reporting_tool | {"endIncluding":"2.0.9"} | |
| redhat | automatic_bug_reporting_tool | 2.0.0 | |
| redhat | automatic_bug_reporting_tool | 2.0.1 | |
| redhat | automatic_bug_reporting_tool | 2.0.2 | |
| redhat | automatic_bug_reporting_tool | 2.0.3 | |
| redhat | automatic_bug_reporting_tool | 2.0.4 | |
| redhat | automatic_bug_reporting_tool | 2.0.4.980 | |
| redhat | automatic_bug_reporting_tool | 2.0.4.981 | |
| redhat | automatic_bug_reporting_tool | 2.0.5 | |
| redhat | automatic_bug_reporting_tool | 2.0.6 | |
| redhat | automatic_bug_reporting_tool | 2.0.7 | |
| redhat | automatic_bug_reporting_tool | 2.0.8 | |
References
- http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f
- http://rhn.redhat.com/errata/RHSA-2013-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=854011
- http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f
- http://rhn.redhat.com/errata/RHSA-2013-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=854011
Verify integrity in audit chain (admin only). AS-IS.