PT-2013-1146 · Red Hat+1 · Libreport+27
Martin Carpenter · Published 2013-01-31 · Updated 2023-02-13 · CVE-2012-5660
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
abrt versions 2.0.8 and earlier
abrt-addon-ccpp versions 2.0.8 and earlier
abrt-addon-kerneloops versions 2.0.8 and earlier
abrt-addon-python versions 2.0.8 and earlier
abrt-addon-vmcore versions 2.0.8 and earlier
abrt-cli versions 2.0.8 and earlier
abrt-debuginfo versions 2.0.8 and earlier
abrt-devel versions 2.0.8 and earlier
abrt-desktop versions 2.0.8 and earlier
abrt-gui versions 2.0.8 and earlier
abrt-libs versions 2.0.8 and earlier
abrt-tui versions 2.0.8 and earlier
libreport versions 2.0.9 and earlier
libreport-cli versions 2.0.9 and earlier
libreport-debuginfo versions 2.0.9 and earlier
libreport-devel versions 2.0.9 and earlier
libreport-gtk versions 2.0.9 and earlier
libreport-gtk-devel versions 2.0.9 and earlier
libreport-newt versions 2.0.9 and earlier
libreport-plugin-bugzilla versions 2.0.9 and earlier
libreport-plugin-kerneloops versions 2.0.9 and earlier
libreport-plugin-logger versions 2.0.9 and earlier
libreport-plugin-mailx versions 2.0.9 and earlier
libreport-plugin-reportuploader versions 2.0.9 and earlier
libreport-plugin-rhtsupport versions 2.0.9 and earlier
libreport-python versions 2.0.9 and earlier
Description
Multiple vulnerabilities in various packages of the Automatic Bug Reporting Tool (ABRT) and libreport can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Exploitation may allow attackers to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on the directories used to store information about crashes.
Recommendations
For abrt versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-ccpp versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-kerneloops versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-python versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-addon-vmcore versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-cli versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-debuginfo versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-devel versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-desktop versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-gui versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-libs versions 2.0.8 and earlier, update to a version later than 2.0.8.
For abrt-tui versions 2.0.8 and earlier, update to a version later than 2.0.8.
For libreport versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-cli versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-debuginfo versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-devel versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-gtk versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-gtk-devel versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-newt versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-bugzilla versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-kerneloops versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-logger versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-mailx versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-reportuploader versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-plugin-rhtsupport versions 2.0.9 and earlier, update to a version later than 2.0.9.
For libreport-python versions 2.0.9 and earlier, update to a version later than 2.0.9.
As a temporary workaround, consider disabling the abrt-action-install-debuginfo function until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved.
Exploit
Fix
Race Condition
Affected Products
Centos
Red Hat
Abrt
Abrt-Addon-Ccpp
Abrt-Addon-Kerneloops
Abrt-Addon-Python
Abrt-Addon-Vmcore
Abrt-Cli
Abrt-Debuginfo
Abrt-Desktop
Abrt-Devel
Abrt-Gui
Abrt-Libs
Abrt-Tui
Libreport
Libreport-Cli
Libreport-Debuginfo
Libreport-Devel
Libreport-Gtk
Libreport-Gtk-Devel
Libreport-Newt
Libreport-Plugin-Bugzilla
Libreport-Plugin-Kerneloops
Libreport-Plugin-Logger
Libreport-Plugin-Mailx
Libreport-Plugin-Reportuploader
Libreport-Plugin-Rhtsupport
Libreport-Python