CVE-2012-5660
medium
CVSS v3
—
CVSS v2
6.9
VIR risk
6.9
Description
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | automatic_bug_reporting_tool | {"endIncluding":"2.0.9"} | |
| redhat | automatic_bug_reporting_tool | 2.0.0 | |
| redhat | automatic_bug_reporting_tool | 2.0.1 | |
| redhat | automatic_bug_reporting_tool | 2.0.2 | |
| redhat | automatic_bug_reporting_tool | 2.0.3 | |
| redhat | automatic_bug_reporting_tool | 2.0.4 | |
| redhat | automatic_bug_reporting_tool | 2.0.4.980 | |
| redhat | automatic_bug_reporting_tool | 2.0.4.981 | |
| redhat | automatic_bug_reporting_tool | 2.0.5 | |
| redhat | automatic_bug_reporting_tool | 2.0.6 | |
| redhat | automatic_bug_reporting_tool | 2.0.7 | |
| redhat | automatic_bug_reporting_tool | 2.0.8 | |
References
- http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a
- http://rhn.redhat.com/errata/RHSA-2013-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=887866
- http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a
- http://rhn.redhat.com/errata/RHSA-2013-0215.html
- https://bugzilla.redhat.com/show_bug.cgi?id=887866
CWEs
CWE-264 CWE-362
Verify integrity in audit chain (admin only). AS-IS.