Detections
Analytics

MiracleLinux 4 : abrt-2.0.8-6.0.1.AXS4, btparser-0.16-3.AXS4, libreport-2.0.9-5.0.1.AXS4, python-meh-0.12.1-3.AXS4 (AXSA:2012-870:02)

high Nessus Plugin ID 284381

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-870:02 advisory.

 Description of problem:
 abrt abrt is a tool to help users to detect defects in applications and to create a bug report with all informations needed by maintainer to fix it. It uses plugin system to extend its functionality.
 libreport Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
 btparser Btparser is a backtrace parser and analyzer, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and work with them.
 Btparser also contains some backtrace manipulation and extraction routines:
 it can find a frame in the crash-time backtrace where the program most likely crashed (a chance is that the function described in that frame is buggy) it can produce a duplication hash of the backtrace, which helps to discover that two crash-time backtraces are duplicates, triggered by the same flaw of the code it can rate the backtrace quality, which depends on the number of frames with and without the function name known (missing function name is caused by missing debugging symbols) python-meh The python-meh package is a python library for handling, saving, and reporting exceptions.
 Security issues fixed with this release:
 CVE-2011-4088 No description available at the time of writing, please use the CVE links below.
 CVE-2012-1106 The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3412

Plugin Details

Severity: High

ID: 284381

File Name: miracle_linux_AXSA-2012-870.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-4088

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:libreport-python, p-cpe:/a:miracle:linux:abrt-cli, p-cpe:/a:miracle:linux:abrt-addon-python, p-cpe:/a:miracle:linux:btparser, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:libreport-plugin-kerneloops, p-cpe:/a:miracle:linux:abrt, p-cpe:/a:miracle:linux:libreport, p-cpe:/a:miracle:linux:python-meh, p-cpe:/a:miracle:linux:libreport-newt, p-cpe:/a:miracle:linux:libreport-plugin-rhtsupport, p-cpe:/a:miracle:linux:abrt-addon-ccpp, p-cpe:/a:miracle:linux:abrt-tui, p-cpe:/a:miracle:linux:abrt-gui, p-cpe:/a:miracle:linux:libreport-plugin-logger, p-cpe:/a:miracle:linux:abrt-addon-kerneloops, p-cpe:/a:miracle:linux:abrt-libs, p-cpe:/a:miracle:linux:abrt-desktop, p-cpe:/a:miracle:linux:libreport-gtk, p-cpe:/a:miracle:linux:libreport-plugin-reportuploader, p-cpe:/a:miracle:linux:libreport-plugin-mailx, p-cpe:/a:miracle:linux:libreport-cli

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/11/2012

Vulnerability Publication Date: 12/16/2011

Reference Information

CVE: CVE-2011-4088, CVE-2012-1106