CVE-2012-5660: Race Condition

First published: Mon Dec 17 2012(Updated: )

A race condition was found in the way abrt handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, allowing them to make any file writable by the abrt user, allowing them to escalate their privileges to the privileged system user account, root. This issue was assigned <a href="https://access.redhat.com/security/cve/CVE-2012-5660">CVE-2012-5660</a>. Acknowledgements: Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/severity
• agent/author
• agent/tags
• agent/type
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/remedy
• agent/description
• agent/weakness
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2012-5660
• vendor/redhat
• canonical/redhat automatic bug reporting tool
• version/redhat automatic bug reporting tool/2.0.9
• version/redhat automatic bug reporting tool/2.0.0
• version/redhat automatic bug reporting tool/2.0.1
• version/redhat automatic bug reporting tool/2.0.2
• version/redhat automatic bug reporting tool/2.0.3
• version/redhat automatic bug reporting tool/2.0.4
• version/redhat automatic bug reporting tool/2.0.4.980
• version/redhat automatic bug reporting tool/2.0.4.981
• version/redhat automatic bug reporting tool/2.0.5
• version/redhat automatic bug reporting tool/2.0.6
• version/redhat automatic bug reporting tool/2.0.7
• version/redhat automatic bug reporting tool/2.0.8