
abrt and libreport: two privilege escalation flaws

Package(s): abrt and libreport
CVE #(s): CVE-2012-5659 CVE-2012-5660
Created: February 1, 2013
Updated: February 10, 2013
Description:

From the Red Hat advisory:

It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)

Alerts:
Red Hat RHSA-2013:0215-01 2013-01-31
CentOS CESA-2013:0215 2013-02-01
Oracle ELSA-2013-0215 2013-02-01
Scientific Linux SL-NotF-20130201 2013-02-01
Mageia MGASA-2013-0047 2013-02-09


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds