Lucene search

Veracode Vulnerability DatabaseVERACODE:10981

HistoryJan 15, 2019 - 8:55 a.m.

Arbitrary Code Execution

2019-01-1508:55:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able to execute arbitrary code by modifying the PYTHONPATH environment variable to reference a malicious Python module.

CPENameOperatorVersion
libreporteq2.0.5__20.el6
abrteq2.0.4__14.el6
abrteq1.1.16__3.el6
abrteq1.1.13__4.el6

Name	Operator	Version
libreport	eq	2.0.5__20.el6
abrt	eq	2.0.4__14.el6
abrt	eq	1.1.16__3.el6
abrt	eq	1.1.13__4.el6

References

git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f

rhn.redhat.com/errata/RHSA-2013-0215.html

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=854011

rhn.redhat.com/errata/RHSA-2013-0215.html

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for VERACODE:10981