Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64

Medium Nessus Plugin ID 64423


The remote Scientific Linux host is missing one or more security updates.


It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to those of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)


Update the affected packages.

Plugin Details

Severity: Medium

ID: 64423

File Name: sl_20130131_abrt_and_libreport_on_SL6_x.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2013/02/04

Modified: 2013/03/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2013/01/31

Reference Information

CVE: CVE-2012-5659, CVE-2012-5660