CVE-2012-5660

Automatic Bug Reporting Tool < 2.0.9 - Privilege Escalation via Symlink Attack

Title source: llm

Description

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0215.html

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=887866

Exploit, Patch x_refsource_confirm

http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a

Scores

EPSS 0.0031

EPSS Percentile 23.1%

Details

CWE

CWE-264 CWE-362

Status published

Products (12)

redhat/automatic_bug_reporting_tool 2.0.0

redhat/automatic_bug_reporting_tool 2.0.1

redhat/automatic_bug_reporting_tool 2.0.2

redhat/automatic_bug_reporting_tool 2.0.3

redhat/automatic_bug_reporting_tool 2.0.4

redhat/automatic_bug_reporting_tool 2.0.4.980

redhat/automatic_bug_reporting_tool 2.0.4.981

redhat/automatic_bug_reporting_tool 2.0.5

redhat/automatic_bug_reporting_tool 2.0.6

redhat/automatic_bug_reporting_tool 2.0.7

... and 2 more

Published Mar 12, 2013

Tracked Since Feb 18, 2026