Lucene search
Veracode Vulnerability DatabaseVERACODE:10981HistoryJan 15, 2019 - 8:55 a.m.
Arbitrary Code Execution
2019-01-1508:55:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.0004 Low
EPSS
Percentile
9.8%
abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able to execute arbitrary code by modifying the PYTHONPATH environment variable to reference a malicious Python module.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libreport | eq | 2.0.5__20.el6 | |
| abrt | eq | 2.0.4__14.el6 | |
| abrt | eq | 1.1.16__3.el6 | |
| abrt | eq | 1.1.13__4.el6 |
Related
prion
prion
Design/Logic Flaw
2013-03-12 23:55:00
cve
cve
CVE-2012-5659
2022-10-03 16:15:30
cvelist
cvelist
CVE-2012-5659
2022-10-03 16:15:30
nvd
nvd
CVE-2012-5659
2013-03-12 23:55:01
nessus
nessus
CentOS 6 : abrt / libreport (CESA-2013:0215)
2013-02-01 00:00:00
Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64 (20130131)
2013-02-04 00:00:00
RHEL 6 : abrt and libreport (RHSA-2013:0215)
2013-02-01 00:00:00
centos
centos
abrt, libreport security update
2013-02-01 00:54:46
openvas
openvas
CentOS Update for abrt CESA-2013:0215 centos6
2013-02-04 00:00:00
RedHat Update for abrt and libreport RHSA-2013:0215-01
2013-02-04 00:00:00
CentOS Update for abrt CESA-2013:0215 centos6
2013-02-04 00:00:00
redhat
redhat
(RHSA-2013:0215) Important: abrt and libreport security update
2013-01-31 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:52:18
oraclelinux
oraclelinux
abrt and libreport security update
2013-01-31 00:00:00