CVE-2012-5659

Published: Mar 12, 2013Modified: Apr 29, 2026

3.7

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 1.9 / Impact: 6.4

Source: NVD

Description

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.

Affected (12)

Products: Redhat: Automatic Bug Reporting Tool

Redhat

1 product

Automatic Bug Reporting Tool

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Redhat Automatic Bug Reporting Tool	Up to 2.0.9
Redhat Automatic Bug Reporting Tool	Version 2.0.0
Redhat Automatic Bug Reporting Tool	Version 2.0.1
Redhat Automatic Bug Reporting Tool	Version 2.0.2
Redhat Automatic Bug Reporting Tool	Version 2.0.3
Redhat Automatic Bug Reporting Tool	Version 2.0.4.980
Redhat Automatic Bug Reporting Tool	Version 2.0.4.981
Redhat Automatic Bug Reporting Tool	Version 2.0.4
Redhat Automatic Bug Reporting Tool	Version 2.0.5
Redhat Automatic Bug Reporting Tool	Version 2.0.6
Redhat Automatic Bug Reporting Tool	Version 2.0.7
Redhat Automatic Bug Reporting Tool	Version 2.0.8

References (6)

http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f

Source: secalert@redhat.com

ExploitPatch

http://rhn.redhat.com/errata/RHSA-2013-0215.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=854011

Source: secalert@redhat.com

http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://rhn.redhat.com/errata/RHSA-2013-0215.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=854011

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.