CVSS: 3.7EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5659 – abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache
https://notcve.org/view.php?id=CVE-2012-5659
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. Vulnerabilidad de búsqueda en ruta no confiable en plugins/abrt-action-install-debuginfo-to-abrt-cache.c en Automatic Bug Reporting Tool (ABRT) v2.0.9 y anteriores, permite a usuarios locales cargar y ejecutar módulos Python arbitrariamente modificando la variable de entorno PYTHONPATH para referenciar a un módulo Python malicioso. • http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f http://rhn.redhat.com/errata/RHSA-2013-0215.html https://bugzilla.redhat.com/show_bug.cgi?id=854011 https://access.redhat.com/security/cve/CVE-2012-5659 •
CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 1CVE-2012-5660 – abrt: Race condition in abrt-action-install-debuginfo
https://notcve.org/view.php?id=CVE-2012-5660
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes." abrt-action-install-debuginfo en Automatic Bug Reporting Tool (ABRT) v2.0.9 y anteriores, permite a usuarios locales establecer permisos de lectura globales para archivos de su elección y posiblemente obtener privilegios a través de un ataque de enlace simbólico (symlink) sobre "los directorios utilizados para almacenar información acerca de caídas del servicio". • http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a http://rhn.redhat.com/errata/RHSA-2013-0215.html https://bugzilla.redhat.com/show_bug.cgi?id=887866 https://access.redhat.com/security/cve/CVE-2012-5660 • CWE-264: Permissions, Privileges, and Access Controls CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-426: Untrusted Search Path •