PT-2013-1145 · Red Hat+1 · Libreport+27
Jan Lieskovsky +1 · Published 2013-01-31 · Updated 2013-03-19 · CVE-2012-5659
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
abrt versions 2.0.8 and earlier
abrt-addon-ccpp versions 2.0.8 and earlier
abrt-addon-kerneloops versions 2.0.8 and earlier
abrt-addon-python versions 2.0.8 and earlier
abrt-addon-vmcore versions 2.0.8 and earlier
abrt-cli versions 2.0.8 and earlier
abrt-debuginfo versions 2.0.8 and earlier
abrt-devel versions 2.0.8 and earlier
abrt-desktop versions 2.0.8 and earlier
abrt-gui versions 2.0.8 and earlier
abrt-libs versions 2.0.8 and earlier
abrt-tui versions 2.0.8 and earlier
libreport versions 2.0.9 and earlier
libreport-cli versions 2.0.9 and earlier
libreport-debuginfo versions 2.0.9 and earlier
libreport-devel versions 2.0.9 and earlier
libreport-gtk versions 2.0.9 and earlier
libreport-gtk-devel versions 2.0.9 and earlier
libreport-newt versions 2.0.9 and earlier
libreport-plugin-bugzilla versions 2.0.9 and earlier
libreport-plugin-kerneloops versions 2.0.9 and earlier
libreport-plugin-logger versions 2.0.9 and earlier
libreport-plugin-mailx versions 2.0.9 and earlier
libreport-plugin-reportuploader versions 2.0.9 and earlier
libreport-plugin-rhtsupport versions 2.0.9 and earlier
libreport-python versions 2.0.9 and earlier
Description
Multiple vulnerabilities affect various packages of the Automatic Bug Reporting Tool (ABRT) and libreport. They can be exploited locally and can lead to a breach of the confidentiality, integrity, and availability of protected information. A local user can modify the PYTHONPATH environment variable to reference a malicious Python module, which allows arbitrary Python modules to be loaded and executed.
Recommendations
For abrt versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-ccpp versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-kerneloops versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-python versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-vmcore versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-cli versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-debuginfo versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-devel versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-desktop versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-gui versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-libs versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-tui versions 2.0.8 and earlier, update to a version later than 2.0.8.
For libreport versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-cli versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-debuginfo versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-devel versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-gtk versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-gtk-devel versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-newt versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-bugzilla versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-kerneloops versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-logger versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-mailx versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-reportuploader versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-rhtsupport versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-python versions 2.0.9 and earlier, update to a version later than 2.0.9.
As a temporary workaround, consider restricting access to the PYTHONPATH environment variable to prevent local users from loading and executing arbitrary Python modules.
Affected Products
Centos
Red Hat
Abrt
Abrt-Addon-Ccpp
Abrt-Addon-Kerneloops
Abrt-Addon-Python
Abrt-Addon-Vmcore
Abrt-Cli
Abrt-Debuginfo
Abrt-Desktop
Abrt-Devel
Abrt-Gui
Abrt-Libs
Abrt-Tui
Libreport
Libreport-Cli
Libreport-Debuginfo
Libreport-Devel
Libreport-Gtk
Libreport-Gtk-Devel
Libreport-Newt
Libreport-Plugin-Bugzilla
Libreport-Plugin-Kerneloops
Libreport-Plugin-Logger
Libreport-Plugin-Mailx
Libreport-Plugin-Reportuploader
Libreport-Plugin-Rhtsupport
Libreport-Python