Vulnerabilities > CVE-2012-5660 - Race Condition vulnerability in Redhat Automatic BUG Reporting Tool

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redhat

CWE-362

nessus

NVD

Published: 2013-03-12

Updated: 2023-02-13

Summary

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Automatic BUG Reporting Tool 2.0.6 Redhat Automatic BUG Reporting Tool 2.0.4.981 Redhat Automatic BUG Reporting Tool 2.0.8 Redhat Automatic BUG Reporting Tool - Redhat Automatic BUG Reporting Tool 0.0.2 Redhat Automatic BUG Reporting Tool 0.0.3 Redhat Automatic BUG Reporting Tool 0.0.4 Redhat Automatic BUG Reporting Tool 0.0.6 Redhat Automatic BUG Reporting Tool 0.0.7 Redhat Automatic BUG Reporting Tool 0.0.7.1 Redhat Automatic BUG Reporting Tool 0.0.8 Redhat Automatic BUG Reporting Tool 0.0.8.5 Redhat Automatic BUG Reporting Tool 0.0.9 Redhat Automatic BUG Reporting Tool 0.0.10 Redhat Automatic BUG Reporting Tool 0.0.11 Redhat Automatic BUG Reporting Tool 1.0 Redhat Automatic BUG Reporting Tool 1.0.1 Redhat Automatic BUG Reporting Tool 1.0.2 Redhat Automatic BUG Reporting Tool 1.0.3 Redhat Automatic BUG Reporting Tool 1.0.4 Redhat Automatic BUG Reporting Tool 1.0.5 Redhat Automatic BUG Reporting Tool 1.0.6 Redhat Automatic BUG Reporting Tool 1.0.7 Redhat Automatic BUG Reporting Tool 1.0.7-El6 Redhat Automatic BUG Reporting Tool 1.0.7.F12 Redhat Automatic BUG Reporting Tool 1.0.8 Redhat Automatic BUG Reporting Tool 1.0.9 Redhat Automatic BUG Reporting Tool 1.1.0 Redhat Automatic BUG Reporting Tool 1.1.1 Redhat Automatic BUG Reporting Tool 1.1.2 Redhat Automatic BUG Reporting Tool 1.1.3 Redhat Automatic BUG Reporting Tool 1.1.4 Redhat Automatic BUG Reporting Tool 1.1.5 Redhat Automatic BUG Reporting Tool 1.1.6 Redhat Automatic BUG Reporting Tool 1.1.7 Redhat Automatic BUG Reporting Tool 1.1.8 Redhat Automatic BUG Reporting Tool 1.1.9 Redhat Automatic BUG Reporting Tool 1.1.10 Redhat Automatic BUG Reporting Tool 1.1.11 Redhat Automatic BUG Reporting Tool 1.1.12 Redhat Automatic BUG Reporting Tool 1.1.13 Redhat Automatic BUG Reporting Tool 1.1.14 Redhat Automatic BUG Reporting Tool 1.1.15 Redhat Automatic BUG Reporting Tool 1.1.16 Redhat Automatic BUG Reporting Tool 1.1.17 Redhat Automatic BUG Reporting Tool 2.0.0 Redhat Automatic BUG Reporting Tool 2.0.1 Redhat Automatic BUG Reporting Tool 2.0.2 Redhat Automatic BUG Reporting Tool 2.0.3 Redhat Automatic BUG Reporting Tool 2.0.4 Redhat Automatic BUG Reporting Tool 2.0.4.980 Redhat Automatic BUG Reporting Tool 2.0.5 Redhat Automatic BUG Reporting Tool 2.0.7 Redhat Automatic BUG Reporting Tool 2.0.9	54

Common Weakness Enumeration (CWE)

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0215.NASL
description	Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	64389
published	2013-02-01
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64389
title	RHEL 6 : abrt and libreport (RHSA-2013:0215)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0215. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64389); script_version("1.19"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-5659", "CVE-2012-5660"); script_bugtraq_id(57661, 57662); script_xref(name:"RHSA", value:"2013:0215"); script_name(english:"RHEL 6 : abrt and libreport (RHSA-2013:0215)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0215" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5659" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5660" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-tui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-newt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0215"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-ccpp-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-ccpp-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-ccpp-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-kerneloops-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-kerneloops-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-kerneloops-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-python-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-python-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-python-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-vmcore-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-vmcore-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-vmcore-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-cli-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-cli-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-cli-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"abrt-debuginfo-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-desktop-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-desktop-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-desktop-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"abrt-devel-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-gui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-gui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-gui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"abrt-libs-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-tui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-tui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-tui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"libreport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-cli-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-cli-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-cli-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"libreport-debuginfo-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"libreport-devel-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"libreport-gtk-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", reference:"libreport-gtk-devel-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-newt-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-newt-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-newt-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-bugzilla-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-bugzilla-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-bugzilla-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-kerneloops-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-kerneloops-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-kerneloops-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-logger-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-logger-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-logger-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-mailx-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-mailx-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-mailx-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-reportuploader-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-reportuploader-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-reportuploader-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-python-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-python-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-python-2.0.9-5.el6_3.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc"); } }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130131_ABRT_AND_LIBREPORT_ON_SL6_X.NASL
description	It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)
last seen	2020-03-18
modified	2013-02-04
plugin id	64423
published	2013-02-04
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64423
title	Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64 (20130131)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(64423); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2012-5659", "CVE-2012-5660"); script_name(english:"Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64 (20130131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=465 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?18500da3" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-tui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-newt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-python"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"abrt-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-addon-ccpp-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-addon-kerneloops-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-addon-python-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-addon-vmcore-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-cli-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-debuginfo-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-desktop-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-devel-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-gui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-libs-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"abrt-tui-2.0.8-6.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-cli-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-debuginfo-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-devel-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-gtk-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-gtk-devel-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-newt-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-bugzilla-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-kerneloops-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-logger-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-mailx-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-reportuploader-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6_3.2")) flag++; if (rpm_check(release:"SL6", reference:"libreport-python-2.0.9-5.el6_3.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0215.NASL
description	From Red Hat Security Advisory 2013:0215 : Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	68719
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68719
title	Oracle Linux 6 : abrt / libreport (ELSA-2013-0215)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0215 and # Oracle Linux Security Advisory ELSA-2013-0215 respectively. # include("compat.inc"); if (description) { script_id(68719); script_version("1.6"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2012-5659", "CVE-2012-5660"); script_bugtraq_id(57661, 57662); script_xref(name:"RHSA", value:"2013:0215"); script_name(english:"Oracle Linux 6 : abrt / libreport (ELSA-2013-0215)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0215 : Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003235.html" ); script_set_attribute( attribute:"solution", value:"Update the affected abrt and / or libreport packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-ccpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-vmcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-tui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-newt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-bugzilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-logger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-mailx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-reportuploader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"abrt-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-addon-ccpp-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-addon-kerneloops-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-addon-python-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-addon-vmcore-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-cli-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-desktop-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-devel-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-gui-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-libs-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"abrt-tui-2.0.8-6.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-cli-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-devel-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-gtk-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-gtk-devel-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-newt-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-plugin-bugzilla-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-plugin-kerneloops-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-plugin-logger-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-plugin-mailx-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-plugin-reportuploader-2.0.9-5.0.1.el6_3.2")) flag++; if (rpm_check(release:"EL6", reference:"libreport-python-2.0.9-5.0.1.el6_3.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0215.NASL
description	Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	64382
published	2013-02-01
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64382
title	CentOS 6 : abrt / libreport (CESA-2013:0215)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0215 and # CentOS Errata and Security Advisory 2013:0215 respectively. # include("compat.inc"); if (description) { script_id(64382); script_version("1.10"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2012-5659", "CVE-2012-5660"); script_bugtraq_id(57661, 57662); script_xref(name:"RHSA", value:"2013:0215"); script_name(english:"CentOS 6 : abrt / libreport (CESA-2013:0215)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659) A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660) Red Hat would like to thank Martin Carpenter of Citco for reporting the CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmac of Red Hat. All users of abrt and libreport are advised to upgrade to these updated packages, which correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2013-February/019225.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d5063fe8" ); # https://lists.centos.org/pipermail/centos-announce/2013-February/019226.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5150248c" ); script_set_attribute( attribute:"solution", value:"Update the affected abrt and / or libreport packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5660"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-addon-ccpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-addon-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-addon-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-addon-vmcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:abrt-tui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-gtk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-newt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-bugzilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-kerneloops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-logger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-mailx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-reportuploader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-plugin-rhtsupport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libreport-python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"abrt-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-addon-ccpp-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-addon-kerneloops-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-addon-python-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-addon-vmcore-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-cli-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-desktop-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-devel-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-gui-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-libs-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"abrt-tui-2.0.8-6.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-cli-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-devel-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-gtk-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-gtk-devel-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-newt-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-bugzilla-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-kerneloops-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-logger-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-mailx-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-reportuploader-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6.centos.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"libreport-python-2.0.9-5.el6.centos.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc"); }

Redhat

advisories

bugzilla

id	887866
title	CVE-2012-5660 abrt: Race condition in abrt-action-install-debuginfo

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment libreport-newt is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215001
comment libreport-newt is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841032

AND

comment libreport-plugin-mailx is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215003
comment libreport-plugin-mailx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841046

AND

comment libreport-plugin-logger is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215005
comment libreport-plugin-logger is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841040

AND

comment libreport-plugin-reportuploader is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215007
comment libreport-plugin-reportuploader is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841042

AND
comment libreport is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215009
comment libreport is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841034

AND

comment libreport-python is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215011
comment libreport-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841048

AND

comment libreport-plugin-kerneloops is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215013
comment libreport-plugin-kerneloops is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841036

AND
comment libreport-gtk is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215015
comment libreport-gtk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841044

AND

comment libreport-plugin-rhtsupport is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215017
comment libreport-plugin-rhtsupport is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841050

AND
comment libreport-cli is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215019
comment libreport-cli is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841038

AND

comment libreport-devel is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215021
comment libreport-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841056

AND

comment libreport-plugin-bugzilla is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215023
comment libreport-plugin-bugzilla is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841054

AND

comment libreport-gtk-devel is earlier than 0:2.0.9-5.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215025
comment libreport-gtk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841052

AND

comment abrt-addon-vmcore is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215027
comment abrt-addon-vmcore is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841028

AND
comment abrt-desktop is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215029
comment abrt-desktop is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841014
AND
comment abrt-devel is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215031
comment abrt-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841030
AND
comment abrt-gui is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215033
comment abrt-gui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841022

AND

comment abrt-addon-ccpp is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215035
comment abrt-addon-ccpp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841018

AND
comment abrt is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215037
comment abrt is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841020

AND

comment abrt-addon-kerneloops is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215039
comment abrt-addon-kerneloops is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841012

AND
comment abrt-libs is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215041
comment abrt-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841016
AND
comment abrt-tui is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215043
comment abrt-tui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841024
AND
comment abrt-cli is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215045
comment abrt-cli is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841026

AND

comment abrt-addon-python is earlier than 0:2.0.8-6.el6_3.2
oval oval:com.redhat.rhsa:tst:20130215047
comment abrt-addon-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120841010

rhsa

id	RHSA-2013:0215
released	2013-01-31
severity	Important
title	RHSA-2013:0215: abrt and libreport security update (Important)

rpms

abrt-0:2.0.8-6.el6_3.2
abrt-addon-ccpp-0:2.0.8-6.el6_3.2
abrt-addon-kerneloops-0:2.0.8-6.el6_3.2
abrt-addon-python-0:2.0.8-6.el6_3.2
abrt-addon-vmcore-0:2.0.8-6.el6_3.2
abrt-cli-0:2.0.8-6.el6_3.2
abrt-debuginfo-0:2.0.8-6.el6_3.2
abrt-desktop-0:2.0.8-6.el6_3.2
abrt-devel-0:2.0.8-6.el6_3.2
abrt-gui-0:2.0.8-6.el6_3.2
abrt-libs-0:2.0.8-6.el6_3.2
abrt-tui-0:2.0.8-6.el6_3.2
libreport-0:2.0.9-5.el6_3.2
libreport-cli-0:2.0.9-5.el6_3.2
libreport-debuginfo-0:2.0.9-5.el6_3.2
libreport-devel-0:2.0.9-5.el6_3.2
libreport-gtk-0:2.0.9-5.el6_3.2
libreport-gtk-devel-0:2.0.9-5.el6_3.2
libreport-newt-0:2.0.9-5.el6_3.2
libreport-plugin-bugzilla-0:2.0.9-5.el6_3.2
libreport-plugin-kerneloops-0:2.0.9-5.el6_3.2
libreport-plugin-logger-0:2.0.9-5.el6_3.2
libreport-plugin-mailx-0:2.0.9-5.el6_3.2
libreport-plugin-reportuploader-0:2.0.9-5.el6_3.2
libreport-plugin-rhtsupport-0:2.0.9-5.el6_3.2
libreport-python-0:2.0.9-5.el6_3.2

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References