CVE-2013-4209
Description
A local user can infer the SHA1 hash of an arbitrary file via ABRT's privilege-check bypass, leaking sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A flaw in the Automatic Bug Reporting Tool (ABRT) before version 2.1.6 lets local users obtain the SHA1 checksum of files they have no permission to read. Upstream fixed the issue in ABRT 2.1.6 [1]; the cited Red Hat bug tracks which shipped products carried an affected version.
Exploitation
A local attacker with an unprivileged shell triggers the ABRT logic that computes sha1sums in a way that sidesteps the expected access check, so the privileged component hashes a file the attacker could not open. The cited bug report does not publish the exact steps; no capability beyond local shell access is needed [1].
Impact
On success the attacker learns the SHA1 checksum of a file of their choosing. That is not the file's content, but a digest is an oracle: it confirms whether the file equals any content the attacker can guess. That is enough to identify known files (which package version or configuration variant is deployed) and, for low-entropy files such as a short token or a PIN line, to recover the content outright [1].
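To make that impact concrete, the following is an added example, not ABRT code and not taken from the cited bug: `sha1_oracle()` stands in for the vulnerable privileged component (it hashes any path without an access check), and the file table and candidate contents are constructed for the demonstration. The two inferences shown are the ones a practitioner would actually run with such an oracle: matching the digest against a short list of known contents, and enumerating a small unknown field.

```python
"""Why leaking sha1(file) matters even without the file's bytes.

Added example, not ABRT code and not from the cited bug: sha1_oracle() below
stands in for the vulnerable privileged component; UNREADABLE_FILES is a
constructed stand-in for files the attacker cannot read themselves.
"""
import hashlib
import itertools

# Constructed sample "system": paths the attacker cannot open, with the
# contents the simulated oracle will hash on their behalf.
UNREADABLE_FILES = {
    "/root/.db_credentials": b"db_password=hunter2\n",
    "/root/.otp_seed": b"seed=4711\n",
}


def sha1_oracle(path):
    """Models the flaw: returns the digest of any path, with no check that
    the caller may read it."""
    return hashlib.sha1(UNREADABLE_FILES[path]).hexdigest()


def identify_known_content(digest, candidates):
    """Identity inference: which of several candidate contents the file has
    (e.g. which of a few known config templates is deployed).
    Returns the matching candidate's label, or None."""
    for label, content in candidates.items():
        if hashlib.sha1(content).hexdigest() == digest:
            return label
    return None


def recover_low_entropy(digest, prefix, suffix, alphabet, width):
    """Content recovery: when the unknown part is small (a numeric PIN or
    seed of known format), enumerate it and stop on the matching digest."""
    for combo in itertools.product(alphabet, repeat=width):
        guess = prefix + "".join(combo).encode() + suffix
        if hashlib.sha1(guess).hexdigest() == digest:
            return guess
    return None


def demo():
    """Runs both inferences against the simulated oracle."""
    cred = identify_known_content(
        sha1_oracle("/root/.db_credentials"),
        {"default": b"db_password=changeme\n",
         "hunter2": b"db_password=hunter2\n"})
    seed = recover_low_entropy(
        sha1_oracle("/root/.otp_seed"), b"seed=", b"\n", "0123456789", 4)
    return cred, seed


if __name__ == "__main__":
    print(demo())  # ('hunter2', b'seed=4711\n')
```

The enumeration step is cheap (ten thousand SHA1 computations for a four-digit field), which is why a hash of a small secret is, for practical purposes, the secret.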
Mitigation
The fix is in ABRT 2.1.6; the cited Red Hat bug records the fixed packages being shipped to affected products on 2013-09-06 [1]. Update ABRT to 2.1.6 or later. Red Hat Enterprise Linux 6 was not affected by this issue [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
abrt (range: <2.1.6)
Patches
109026f91002c New version 2.1.6
1 file changed · +59 −3
abrt.spec.in+59 −3 modified@@ -38,7 +38,7 @@ %define shadow_utils shadow-utils %endif -%define libreport_ver 2.1.5 +%define libreport_ver 2.1.6 Summary: Automatic bug detection and reporting tool Name: abrt @@ -64,9 +64,9 @@ BuildRequires: asciidoc BuildRequires: doxygen BuildRequires: xmlto BuildRequires: libreport-devel >= %{libreport_ver} -BuildRequires: satyr-devel >= 0.4 +BuildRequires: satyr-devel >= 0.5 Requires: libreport >= %{libreport_ver} -Requires: satyr >= 0.4 +Requires: satyr >= 0.5 # these only exist on suse %if 0%{?suse_version} BuildRequires: dbus-1-glib-devel 
@@ -828,6 +828,62 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh %changelog +* Fri Jul 26 2013 Jakub Filak <jfilak@redhat.com> 2.1.6-1 +- replace functions deprecated in Gtk-3.10 with their substitutes +- use shared GLib initialization function +- a-a-g-c-b: Unwind using GDB +- abrtd: fix on top of "prevent possible leak of malloced worst_dir" +- testsuite: recognize uReport2 +- a-handle-event: check if satyr supports the analyzer +- abrtd: prevent possible leak of malloced worst_dir +- use absolute path in python shebang rhzb#987010 +- moved parse_list to the shared library in libreport - related to rhbz#803772 +- testsuite: do not require core_backtrace in koops problems +- testsuite: update path to XML event config base dir +- abrt-action-save-package-data: properly close rpm database. Closes #674. +- abrt-action-save-package-data: fix handling of ProcessUnpackaged on scripts +- blacklisted-script: new test +- abrt-action-save-package-data manpage: typo fix +- change /var/spool/abrt/ to /var/tmp/abrt rhbz#912750 +- Fix RPMdiff warnings about abrtd and abrt-action-install-debuginfo-to-abrt-cache +- specfile: add dependency on abrt-libs to abrt-addon-uefioops +- stop using the hardcoded event list, use workflows instead rhbz#866027 +- retrace-client: build correct release for Fedora Rawhide +- spec: drop unnecessary Obsoletes and Provides +- correct FSF address in python exception hook +- spec: add manual pages to packages +- add all missing manual pages +- fix rpmlint issues in the spec file +- move event option XML files to /usr/share/libreport/ +- spec: replace btparser with satyr +- Update satyr support, drop btparser compatibility +- abrt-hook-ccpp: always fall back to creating user core. 
+- testsuite: fixed cli test closes #671 +- abrt-gdb-exploitable: comment-out dead code +- spec: specify all conf files +- abrt-gdb-exploitable: formatting +- abrt-gdb-exploitable: improve signal analysis by looking at siginfo.si_code +- abrt-gdb-exploitable: first cut of ppc support +- abrt-gdb-exploitable: x86 factoring-out +- dbus: add GetForeignProblems method +- problem API: add function getting list of inaccessible problem IDs +- the system tray icon opens recently detected problem +- testsuite: fix abrt-python test to work on rhel6 +- testsuite: enable abrt-python test for rhel6 +- specfile: hook up vulnerability analyzer +- Add gdb python plugin which analyzes coredump for vulnerability +- applet: stop saving configuration at exit +- spec: add system-config-abrt stuff +- introduce system-config-abrt +- move initialization of shortened reporting option to libabrt +- abrt-cli status: fix the output +- Fix wrong path in shell include +- Make rhel6/python-addon test to test for old behaviour +- tests/runtests/python-addon: check for "Python", not "pyhook" +- abrt-dump-xorg: save "type=xorg" along with "analyzer=xorg" +- Update python hook to use fixed socket interface +- abrt-server: updates/fixes for future rasdaemon needs + * Fri Jun 14 2013 Jakub Filak <jfilak@redhat.com> 2.1.5-1 - spec: require tar closes #635 - spec: tui should require abrt closes #633
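Review bot: the first hunk only raises `%define libreport_ver` from 2.1.5 to 2.1.6 and the `satyr-devel`/`satyr` minimums from 0.4 to 0.5; nothing in it touches the sha1sum handling, so a reader of this commit cannot tell where the CVE-2013-4209 fix lives. The commit message should reference the upstream fixing change (or the file in the 2.1.6 tarball that gained the access check) and say whether the libreport 2.1.6 requirement is part of the fix or an unrelated rebase.

Review bot: the 2.1.6-1 changelog block in the second hunk lists some fifty entries but none names the sha1sum information disclosure or CVE-2013-4209; add an entry carrying the CVE ID and the bug number so package tooling and downstream trackers can find the fix. Separately, `rhzb#987010` is a typo for `rhbz#987010` and will not be picked up by bug-link parsers.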
Vulnerability mechanics
Root cause
Missing access control in ABRT's handling of sha1sums: a privileged ABRT component computes the digest of a path on a local user's behalf without checking that the user may read that file, so the user learns the SHA1 hash (not the content) of arbitrary files.
Attack vector
A local user obtains the SHA1 checksum of any file on the system by driving ABRT's sha1sum logic against a path they cannot read themselves; the exact mechanism is not detailed in the supplied materials. No authentication beyond a local account is required, and no network path is involved.
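The root cause is an access decision made with the daemon's privileges rather than the caller's. As an added illustration (this is not ABRT's code, and the real fix is not in the supplied patch), the Python below puts the vulnerable pattern next to a hardened one: open the path, `fstat` the opened descriptor, apply the POSIX permission bits for the requesting uid and groups, and only then hash. The function names (`sha1_for_caller`, `sha1_vulnerable`, `AccessDenied`) and the sample file written by `demo()` are constructed for this example.

```python
"""Hardened pattern for a privileged hash-on-behalf-of-a-user service.

Added illustration, not ABRT's code: a root component that hashes a
user-supplied path must enforce the *caller's* read permission on the file
it actually opened, not its own.
"""
import hashlib
import os
import stat
import tempfile


class AccessDenied(PermissionError):
    pass


def caller_may_read(st, uid, gids):
    """Apply POSIX mode bits as the caller would experience them.
    Assumption of this illustration: ACLs, capabilities and LSM policy
    are ignored; a real service would let the kernel decide (see note)."""
    mode = st.st_mode
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def sha1_vulnerable(path):
    """The pattern to avoid: hashes whatever the privileged process can open."""
    with open(path, "rb") as f:
        return hashlib.sha1(f.read()).hexdigest()


def sha1_for_caller(path, uid, gids):
    """Open first, then check the *opened* file via fstat, so the check and
    the hash apply to the same inode (no symlink/rename race between them).
    O_NOFOLLOW refuses a symlink as the final path component."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise AccessDenied("not a regular file: %s" % path)
        if not caller_may_read(st, uid, gids):
            raise AccessDenied("caller %d may not read %s" % (uid, path))
        h = hashlib.sha1()
        with os.fdopen(fd, "rb", closefd=False) as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()
    finally:
        os.close(fd)


def demo():
    """Self-contained check against a constructed 0600 file in a temp dir."""
    me, my_groups = os.getuid(), [os.getgid()]
    stranger = me + 1 if me != 0 else 65534  # some uid that is not us
    content = b"db_password=hunter2\n"  # constructed secret
    expected = hashlib.sha1(content).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        with open(secret, "wb") as f:
            f.write(content)
        os.chmod(secret, 0o600)
        results["vulnerable_leaks"] = sha1_vulnerable(secret) == expected
        results["owner_allowed"] = sha1_for_caller(secret, me, my_groups) == expected
        try:
            sha1_for_caller(secret, stranger, [])
            results["stranger_denied"] = False
        except AccessDenied:
            results["stranger_denied"] = True
        link = os.path.join(d, "link")
        os.symlink(secret, link)
        try:
            sha1_for_caller(link, me, my_groups)
            results["symlink_refused"] = False
        except OSError:  # ELOOP from O_NOFOLLOW
            results["symlink_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats on the hardened form: the mode-bit check knows nothing about ACLs, capabilities, LSM policy or search permission on the intermediate directories, and `O_NOFOLLOW` only covers the final component of the path. The stronger design is to perform the open after switching to the caller's credentials (`setresuid`/`setresgid`, or a helper process running as that user), so the kernel makes the complete access decision; the explicit check above is what to fall back on when the service must stay privileged.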
Affected code
The supplied patch is the spec-file bump to 2.1.6 (libreport raised to 2.1.6, satyr to 0.5) plus the 2.1.6-1 changelog. It contains no source diff for the sha1sum handling, and neither the patch nor the advisory names the function or file in which the access check was missing.
What the fix does
The patch rebases the package from 2.1.5 to 2.1.6 and raises the libreport and satyr minimums; the spec changelog dates the 2.1.6-1 build to 26 Jul 2013. The actual remediation is in the upstream 2.1.6 sources, which the patch does not show, and none of the changelog entries mentions sha1sums or this CVE, so the exact code change cannot be identified from the supplied material. Treat 2.1.6 as the fixed version on the strength of the advisory [1].
Preconditions
- auth: Attacker must have local user access to the system running ABRT
- config: ABRT version must be prior to 2.1.6
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] bugzilla.redhat.com/show_bug.cgi (Red Hat Bugzilla; MITRE reference type CONFIRM)
News mentions
No linked articles in our index yet.