ID CVE-2012-5660
Summary abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.980:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.980:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.981:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.981:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:0.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7-el6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7-el6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7.f12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.7.f12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:1.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.9:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 19-03-2013 - 04:00)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 887866
title CVE-2012-5660 abrt: Race condition in abrt-action-install-debuginfo
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment libreport is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215005
      • comment libreport is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841036
    • AND
      • comment libreport-cli is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215011
      • comment libreport-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841040
    • AND
      • comment libreport-devel is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215025
      • comment libreport-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841048
    • AND
      • comment libreport-gtk is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215007
      • comment libreport-gtk is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841044
    • AND
      • comment libreport-gtk-devel is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215017
      • comment libreport-gtk-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841042
    • AND
      • comment libreport-newt is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215021
      • comment libreport-newt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841050
    • AND
      • comment libreport-plugin-bugzilla is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215027
      • comment libreport-plugin-bugzilla is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841054
    • AND
      • comment libreport-plugin-kerneloops is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215023
      • comment libreport-plugin-kerneloops is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841058
    • AND
      • comment libreport-plugin-logger is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215015
      • comment libreport-plugin-logger is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841046
    • AND
      • comment libreport-plugin-mailx is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215013
      • comment libreport-plugin-mailx is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841060
    • AND
      • comment libreport-plugin-reportuploader is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215009
      • comment libreport-plugin-reportuploader is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841052
    • AND
      • comment libreport-plugin-rhtsupport is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215029
      • comment libreport-plugin-rhtsupport is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841038
    • AND
      • comment libreport-python is earlier than 0:2.0.9-5.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215019
      • comment libreport-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841056
    • AND
      • comment abrt is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215031
      • comment abrt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841014
    • AND
      • comment abrt-addon-ccpp is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215039
      • comment abrt-addon-ccpp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841028
    • AND
      • comment abrt-addon-kerneloops is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215033
      • comment abrt-addon-kerneloops is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841018
    • AND
      • comment abrt-addon-python is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215043
      • comment abrt-addon-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841016
    • AND
      • comment abrt-addon-vmcore is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215041
      • comment abrt-addon-vmcore is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841022
    • AND
      • comment abrt-cli is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215037
      • comment abrt-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841024
    • AND
      • comment abrt-desktop is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215051
      • comment abrt-desktop is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841026
    • AND
      • comment abrt-devel is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215045
      • comment abrt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841020
    • AND
      • comment abrt-gui is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215049
      • comment abrt-gui is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841030
    • AND
      • comment abrt-libs is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215047
      • comment abrt-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841034
    • AND
      • comment abrt-tui is earlier than 0:2.0.8-6.el6_3.2
        oval oval:com.redhat.rhsa:tst:20130215035
      • comment abrt-tui is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120841032
rhsa
id RHSA-2013:0215
released 2013-01-31
severity Important
title RHSA-2013:0215: abrt and libreport security update (Important)
rpms
  • libreport-0:2.0.9-5.el6_3.2
  • libreport-cli-0:2.0.9-5.el6_3.2
  • libreport-devel-0:2.0.9-5.el6_3.2
  • libreport-gtk-0:2.0.9-5.el6_3.2
  • libreport-gtk-devel-0:2.0.9-5.el6_3.2
  • libreport-newt-0:2.0.9-5.el6_3.2
  • libreport-plugin-bugzilla-0:2.0.9-5.el6_3.2
  • libreport-plugin-kerneloops-0:2.0.9-5.el6_3.2
  • libreport-plugin-logger-0:2.0.9-5.el6_3.2
  • libreport-plugin-mailx-0:2.0.9-5.el6_3.2
  • libreport-plugin-reportuploader-0:2.0.9-5.el6_3.2
  • libreport-plugin-rhtsupport-0:2.0.9-5.el6_3.2
  • libreport-python-0:2.0.9-5.el6_3.2
  • abrt-0:2.0.8-6.el6_3.2
  • abrt-addon-ccpp-0:2.0.8-6.el6_3.2
  • abrt-addon-kerneloops-0:2.0.8-6.el6_3.2
  • abrt-addon-python-0:2.0.8-6.el6_3.2
  • abrt-addon-vmcore-0:2.0.8-6.el6_3.2
  • abrt-cli-0:2.0.8-6.el6_3.2
  • abrt-desktop-0:2.0.8-6.el6_3.2
  • abrt-devel-0:2.0.8-6.el6_3.2
  • abrt-gui-0:2.0.8-6.el6_3.2
  • abrt-libs-0:2.0.8-6.el6_3.2
  • abrt-tui-0:2.0.8-6.el6_3.2
refmap via4
confirm http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a
misc https://bugzilla.redhat.com/show_bug.cgi?id=887866
Last major update 19-03-2013 - 04:00
Published 12-03-2013 - 23:55
Back to Top