Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MiracleLinux 4 : btparser-0.17-1.AXS4, abrt-2.0.8-15.0.1.AXS4, libreport-2.0.9-15.0.2.AXS4 (AXSA:2013-204:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 2 Views

MiracleLinux 4 host packages affected by AXSA 2013-204-01 advisory for abrt, libreport, and btparser.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		CentOS 6 : abrt / libreport (CESA-2013:0215)
1 Feb 201300:00
nessus
Tenable Nessus		Oracle Linux 6 : abrt / and / libreport (ELSA-2013-0215)
12 Jul 201300:00
nessus
Tenable Nessus		RHEL 6 : abrt and libreport (RHSA-2013:0215)
1 Feb 201300:00
nessus
Tenable Nessus		Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64 (20130131)
4 Feb 201300:00
nessus
Cent OS		abrt, libreport security update
1 Feb 201300:54
centos
CVE		CVE-2012-5659
12 Mar 201322:00
cve
CVE		CVE-2012-5660
12 Mar 201322:00
cve
Cvelist		CVE-2012-5659
12 Mar 201322:00
cvelist
Cvelist		CVE-2012-5660
12 Mar 201322:00
cvelist
Oracle linux		abrt and libreport security update
31 Jan 201300:00
oraclelinux
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-204:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289969);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id("CVE-2012-5659", "CVE-2012-5660");

  script_name(english:"MiracleLinux 4 : btparser-0.17-1.AXS4, abrt-2.0.8-15.0.1.AXS4, libreport-2.0.9-15.0.2.AXS4 (AXSA:2013-204:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-204:01 advisory.

    abrt: abrt is a tool to help users to detect defects in applications and to create a bug report with all
    informations needed by maintainer to fix it. It uses plugin system to extend its functionality.
     libreport: Libraries providing API for reporting different problems in applications to different bug
    targets like Bugzilla, ftp, trac, etc...
     btparser: Btparser is a backtrace parser and analyzer, which works with backtraces produced by the GNU
    Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze
    the threads and frames of the backtrace and work with them.
    Btparser also contains some backtrace manipulation and extraction routines:
     it can find a frame in the crash-time backtrace where the program most likely crashed
    (a chance is that the function described in that frame is buggy)
     it can produce a duplication hash of the backtrace, which helps to discover that two
    crash-time backtraces are duplicates, triggered by the same flaw of the code
     it can rate the backtrace quality, which depends on the number of frames with and
    without the function name known (missing function name is caused by missing debugging symbols)
    Security issues fixed with this release:
     CVE-2012-5659
    Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic
    Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python
    modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.
     CVE-2012-5660
    abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users
    to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on
    the directories used to store information about crashes.
    Fixed bugs:
    abrt
     more multilib fixes
     rebuild because of broken brew builder
     Prevent daemon from being stuck (unresponsive to socket connects) while post-create even runs
     Prevent infinite loop of crashes
     don't follow symlinks
     fixed possible deadlock in abrt daemon
     fixed relro flags
     fixed the undefined weak symbols
     updated translation
     hopefully fixed ugly applet icon
     abrt-install-ccpp-hook: fix the check for %e presense
     abrt-harvest-vmcore: add CopyVMcore config option to copy vmcores.
     fixed problems discovered by brewtap
     don't try to run dbus-send if it's not installed
     [abrt] abrt-addon-ccpp-2.0.7-4.fc17: abrt-action-analyze-core:106:extract_info_from_core:IndexError: list
    index out of range
     abrt-addon-python: The process might hang forever if no one collects the dump it sends
     Reporting may fail with: abrt-bodhi: command not found
     too strict check for tainted kernel rhbz#814594 - abrt-ccpp status returned no status messages
     abrt missing dependency: libreport-plugin-bugzilla
     abrt-addon-python: The process might hang forever if no one collects the dump it sends
     don't remove new problems from abrt-upload directory
    libreport
     rebuilding beacause of failed rpmdiff - no changes
     in same cases we have to follow symlinks
     don't follow symlinks
     fixed relro flags
     removed confusing warning message
     added versioned requirements to silence rpmdiff
     removed reporter-bugzilla from config file re-added by mistake
     updated translation
     fixed brewtap warnings
     silence few rpmdiff warnings
     don't show the user credentials in logs
     use the default template for bz reports
     fix adding users to CC in bugzilla
     don't warn about daemon connection when deleting a problem
     ignore non problem dirs when cleaning old problems
     opt kernel out of showing smolt information in abrt bug reports.
     ABRT mailx plugin on by default causes crashes being always labelled as reported
     pkg-config --cflags libreport includs -fPIC
     Coverity revealed memory leaks and possibly other issues
     GLib warnings by report-gtk when crash dir does not exist
     `report' tool requires current working directory to be a crash dir
     Searching for duplicate anaconda bugs while reporting exception against partner-bugzilla during install
    fails
     Undefined non-weak symbols
     ABRT has wrong URL in dialog
    btparser
     New upstream release

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3832");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5660");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-5659");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-addon-ccpp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-addon-kerneloops");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-addon-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:abrt-tui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:btparser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-compat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-newt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-plugin-kerneloops");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-plugin-logger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-plugin-mailx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-plugin-reportuploader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-plugin-rhtsupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libreport-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'abrt-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-ccpp-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-ccpp-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-kerneloops-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-kerneloops-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-python-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-addon-python-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-cli-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-cli-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-desktop-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-desktop-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-gui-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-gui-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-libs-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-libs-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-tui-2.0.8-15.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'abrt-tui-2.0.8-15.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'btparser-0.17-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'btparser-0.17-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-cli-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-cli-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-compat-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-compat-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-gtk-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-gtk-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-newt-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-newt-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-kerneloops-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-kerneloops-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-logger-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-logger-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-mailx-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-mailx-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-reportuploader-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-reportuploader-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-rhtsupport-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-plugin-rhtsupport-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-python-2.0.9-15.0.2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libreport-python-2.0.9-15.0.2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jan 2026 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 26.9
EPSS0.00065
abrt toollibreport librarybacktrace parsersecurity vulnerabilities
2