Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:10981
HistoryJan 15, 2019 - 8:55 a.m.

Arbitrary Code Execution

2019-01-1508:55:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%

abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able to execute arbitrary code by modifying the PYTHONPATH environment variable to reference a malicious Python module.

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%