3 matches found
abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache
It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system...
ABRT abrt-action-install-debuginfo-to-abrt-cache local elevation of privilege vulnerability
ABRT is an automated bug reporting tool. ABRT abrt-action-install-debuginfo-to-abrt-cache handles environment variables with vulnerabilities that allow local attackers to exploit exploits for elevation of privilege...
abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python modu...