CVE-2012-5659

6 documents5 sources

Severity

3.7LOW

EPSS

0.1%

top 79.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Automatic BUG Reporting Tool

Timeline

PublishedMar 12

Latest updateMay 17

Description

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/automatic_bug_reporting_tool2.0.9+11

Patches

Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-p65h-g398-8mm3: Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache↗2022-05-17

▶

CVEList

CVE-2012-5659: Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache↗2013-03-12

▶

📋Vendor Advisories

Red Hat

abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache↗2013-01-30

▶

💬Community

Bugzilla

CVE-2012-5659 CVE-2012-5660 abrt various flaws [fedora-all]↗2013-01-31

▶

Bugzilla

CVE-2012-5659 abrt: Arbitrary Python code execution due improper sanitization of the PYTHONPATH environment variable by installing debuginfo packages into cache↗2012-09-03

▶