CVE-2012-5660 - OpenCVE

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Automatic Bug Reporting Tool

Configuration 1 [-]

OR	cpe:2.3:a:redhat:automatic_bug_reporting_tool::::::::
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.0:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.1:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.2:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.3:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.980:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.981:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.5:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.6:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.7:::::::*
	cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.8:::::::*

References

Link	Resource
http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a	Exploit Patch
http://rhn.redhat.com/errata/RHSA-2013-0215.html
https://bugzilla.redhat.com/show_bug.cgi?id=887866

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-12T22:00:00Z

Updated: 2013-03-12T22:00:00Z

Reserved: 2012-10-24T00:00:00Z

Link: CVE-2012-5660

JSON object: View

NVD Information

Status : Modified

Published: 2013-03-12T23:55:01.610

Modified: 2023-02-13T04:37:50.283

Link: CVE-2012-5660

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D19F1BD-9843-432A-B303-1DD3F87CB4B6", "versionEndIncluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C89B966A-5D56-4926-A979-54ECF2DBCFB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D37CA6FA-978B-43C6-90D0-5D28CD2F7AA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E7F9FFA-BF4A-4EAA-9807-2AFF279FAD06", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6A8F7CC-9E5E-4463-9040-252E1A568220", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9E13C48-AA37-46A7-BD67-FBB242563D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.980:*:*:*:*:*:*:*", "matchCriteriaId": "4C0E251E-F968-4191-80D1-2EC2A0FA128A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.4.981:*:*:*:*:*:*:*", "matchCriteriaId": "BEC26A29-9E64-472F-A3DC-7D62AF55EE3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F8AAB96-7D1E-4F69-8F8F-A8B54C69ED12", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7AB36A8D-176D-4A24-811D-938CE3B90472", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "840907BF-0AE0-486D-BABD-7E1443CB8E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:automatic_bug_reporting_tool:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7EC0DA15-71FB-4C10-A67A-F4A8A838ADAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on \"the directories used to store information about crashes.\""}, {"lang": "es", "value": "abrt-action-install-debuginfo en Automatic Bug Reporting Tool (ABRT) v2.0.9 y anteriores, permite a usuarios locales establecer permisos de lectura globales para archivos de su elecci\u00f3n y posiblemente obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico (symlink) sobre \"los directorios utilizados para almacenar informaci\u00f3n acerca de ca\u00eddas del servicio\"."}], "id": "CVE-2012-5660", "lastModified": "2023-02-13T04:37:50.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-12T23:55:01.610", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://git.fedorahosted.org/cgit/libreport.git/commit/?id=3bbf961b1884dd32654dd39b360dd78ef294b10a"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0215.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=887866"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}