← Back

CVE-2012-5660

nvd nist
Published: Mar 12, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD

Description

abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."

Affected (12)

Redhat
1 product
Automatic Bug Reporting Tool
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Automatic Bug Reporting Tool
Up to 2.0.9
Automatic Bug Reporting Tool
Version 2.0.0
Automatic Bug Reporting Tool
Version 2.0.1
Automatic Bug Reporting Tool
Version 2.0.2
Automatic Bug Reporting Tool
Version 2.0.3
Automatic Bug Reporting Tool
Version 2.0.4.980
Automatic Bug Reporting Tool
Version 2.0.4.981
Automatic Bug Reporting Tool
Version 2.0.4
Automatic Bug Reporting Tool
Version 2.0.5
Automatic Bug Reporting Tool
Version 2.0.6
Automatic Bug Reporting Tool
Version 2.0.7
Automatic Bug Reporting Tool
Version 2.0.8

Related CWEs

CWE-264
CWE-264
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (6)

Source: secalert@redhat.com
ExploitPatch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.