CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3159 – abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache
https://notcve.org/view.php?id=CVE-2015-3159
10 Jun 2015 — The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT). no maneja apropiadamente el entorno del proceso antes de invocar a abrt-action-install-debuginfo, lo que permite a usuarios locales alcanzar privilegios. It was disco... • https://bugzilla.redhat.com/show_bug.cgi?id=1216962 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5659 – abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache
https://notcve.org/view.php?id=CVE-2012-5659
12 Mar 2013 — Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. Vulnerabilidad de búsqueda en ruta no confiable en plugins/abrt-action-install-debuginfo-to-abrt-cache.c en Automatic Bug Reporting Tool (ABRT) v2.0.9 y anteriores, permite a usuarios locales cargar y ejecutar... • http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5660 – abrt: Race condition in abrt-action-install-debuginfo
https://notcve.org/view.php?id=CVE-2012-5660
12 Mar 2013 — abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." abrt-action-install-debuginfo en Automatic Bug Reporting Tool (ABRT) v2.0.9 y anteriores, permite a usuarios locales establecer permisos de lectura globales para archivos de su elección y posiblemente obtener privilegios a través de un ataq... • http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a • CWE-264: Permissions, Privileges, and Access Controls CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2012-1106 – abrt: Setuid process core dump archived with unsafe GID permissions
https://notcve.org/view.php?id=CVE-2012-1106
03 Jul 2012 — The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. El controlador de C plug-in en la herramienta automática de informe de errores (ABRT), posiblemente v2.0.8 y versiones anteriores, no establecer correctamente los permisos de grupo (GID) en los ficheros de volcado del núcl... • http://rhn.redhat.com/errata/RHSA-2012-0841.html • CWE-264: Permissions, Privileges, and Access Controls •