2 matches found
abrt: default abrt event scripts lead to information disclosure
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...
PT-2017-6533 · Red Hat +1 · Abrt +2
Name of the Vulnerable Software and Affected Versions: Automatic Bug Reporting Tool ABRT affected versions not specified Description: The issue concerns the event scripts in ABRT, which use world-readable permission on a copy of the sosreport file in problem directories. This allows local users t...