Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5660

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-5660
Last Modified 19 Mar 2013 12:00:00
Published 12 Mar 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5660

Summary

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."

Vulnerable Systems

Application

  • Redhat Automatic Bug Reporting Tool 2.0.0

  • Redhat Automatic Bug Reporting Tool 2.0.1

  • Redhat Automatic Bug Reporting Tool 2.0.2

  • Redhat Automatic Bug Reporting Tool 2.0.3

  • Redhat Automatic Bug Reporting Tool 2.0.4

  • Redhat Automatic Bug Reporting Tool 2.0.4.980

  • Redhat Automatic Bug Reporting Tool 2.0.4.981

  • Redhat Automatic Bug Reporting Tool 2.0.5

  • Redhat Automatic Bug Reporting Tool 2.0.6

  • Redhat Automatic Bug Reporting Tool 2.0.7

  • Redhat Automatic Bug Reporting Tool 2.0.8

  • Redhat Automatic Bug Reporting Tool 2.0.9


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=887866

REDHAT - RHSA-2013:0215

CONFIRM - http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a


Last Updated: 27 May 2016 11:02:04